New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927)
Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. (CVE-2010-4250)
An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. (CVE-2010-4650)
A flaw was found in the kernel's Integrity Measurement Architecture (IMA). Changes made by an attacker might not be discovered by IMA, if SELinux was disabled, and a new IMA rule was loaded. (CVE-2011-0006)
A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. (CVE-2011-0716)
Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476)
Dan Rosenberg reported errors in the kernel's OSS (Open Sound System) driver for Yamaha FM synthesizer chips. A local user can exploit this to cause memory corruption, causing a denial of service or privilege escalation. (CVE-2011-1477)
Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759)
Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)
A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619)
It was discovered that some import kernel threads can be blocked by a user level process. An unprivileged local user could exploit this flaw to cause a denial of service. (CVE-2011-4621)
A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)
Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044)
Solution
Update the affected package(s).