Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1931-1)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph
client. A remote attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2013-1059)

An information leak was discovered in the Linux kernel's fanotify
interface. A local user could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2013-2148)

Jonathan Salwan discovered an information leak in the Linux kernel's
cdrom driver. A local user can exploit this leak to obtain sensitive
information from kernel memory if the CD-ROM drive is malfunctioning.

Kees Cook discovered a format string vulnerability in the Linux
kernel's disk block layer. A local user with administrator privileges
could exploit this flaw to gain kernel privileges. (CVE-2013-2851).

Solution :

Update the affected linux-image-3.5.0-39-generic package.

Risk factor :

High / CVSS Base Score : 7.8

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 69416 ()

Bugtraq ID:

CVE ID: CVE-2013-1059