=========================================================== Ubuntu Security Notice USN-1086-1 March 08, 2011 linux-ec2 vulnerabilities CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.04 LTS: linux-image-2.6.32-314-ec2 2.6.32-314.27 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4158) Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163) Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4175) Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-314.27.diff.gz Size/MD5: 9075603 3b5ed62eef9ba6d5e63ca59a308035c8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-314.27.dsc Size/MD5: 2104 71e44d7e3a2422e18abc0039f50f5002 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32.orig.tar.gz Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-doc_2.6.32-314.27_all.deb Size/MD5: 6434392 09281aaccdce3fe2c4d70a0913ec5e49 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-source-2.6.32_2.6.32-314.27_all.deb Size/MD5: 68171196 7048f33fb28bc4a5f7634b12499b492d http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-314_2.6.32-314.27_all.deb Size/MD5: 10046624 a385860922eb209c56960edbd4874134 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-314-ec2_2.6.32-314.27_amd64.deb Size/MD5: 693912 7528587b27dbfe734761131cb0efb493 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-314-ec2_2.6.32-314.27_amd64.deb Size/MD5: 20035640 bcc35c559c339452498c0b90a5e240bc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-314-ec2_2.6.32-314.27_i386.deb Size/MD5: 659440 a75036c9ba32e477f202074a0b02f606 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-314-ec2_2.6.32-314.27_i386.deb Size/MD5: 19234330 cd15dca40624901035313331878edf98