============================================================================ Ubuntu Security Notice USN-1774-1 March 21, 2013 linux-ti-omap4 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 Summary: Several security issues were fixed in the kernel. Software Description: - linux-ti-omap4: Linux kernel for OMAP4 Details: Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. (CVE-2013-0190) A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. (CVE-2013-0216) A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. (CVE-2013-0217) A flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI device is assigned to the guest OS, the guest OS could exploit this flaw to cause a denial of service on the host. (CVE-2013-0231) Tommi Rantala discovered a flaw in the a flaw the Linux kernels handling of datagrams packets when the MSG_PEEK flag is specified. An unprivileged local user could exploit this flaw to cause a denial of service (system hang). (CVE-2013-0290) A flaw was discovered in the Linux kernel's vhost driver used to accelerate guest networking in KVM based virtual machines. A privileged guest user could exploit this flaw to crash the host system. (CVE-2013-0311) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: linux-image-3.5.0-221-omap4 3.5.0-221.31 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1774-1 CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0290, CVE-2013-0311 Package Information: https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.5.0-221.31