===========================================================
Ubuntu Security Notice USN-1080-2             March 02, 2011
linux-ec2 vulnerabilities
CVE-2010-3865, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877,
CVE-2010-3880, CVE-2010-4248, CVE-2010-4343, CVE-2010-4346,
CVE-2010-4526, CVE-2010-4527, CVE-2010-4649, CVE-2011-1044
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-313-ec2      2.6.32-313.26

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

Details follow:

USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for use with EC2.

Original advisory details:

 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865)

 Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

 Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

 Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)

 Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880)

 It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4248)

 Krishna Gudipati discovered that the bfa adapter driver did not correctly initialize certain structures. A local attacker could read files in /sys to crash the system, leading to a denial of service. (CVE-2010-4343)

 Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. (CVE-2010-4346)

 It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-4526)

 Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this to crash the system or gain root privileges. (CVE-2010-4527)

 Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-313.26.diff.gz
      Size/MD5:  9006451 8cdaceb98706fe4a05ae00a5da39b42d
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-313.26.dsc
      Size/MD5:     2104 552a2f768dd9ebb658ffa7290d78618f
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32.orig.tar.gz
      Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-doc_2.6.32-313.26_all.deb
      Size/MD5:  6430856 1f1387d40cfc16fbd07b6fbb2ff911ab
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-source-2.6.32_2.6.32-313.26_all.deb
      Size/MD5: 68190678 ce725a131a4a4450795d6b7b2ca9b17c
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-313_2.6.32-313.26_all.deb
      Size/MD5: 10042660 0b79b03ef63f936c4ec70afe1fb9f175

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-313-ec2_2.6.32-313.26_amd64.deb
      Size/MD5:   691132 4cd99928f8a74ce1860b42d8f092fbd3
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-313-ec2_2.6.32-313.26_amd64.deb
      Size/MD5: 20005422 10cba12c56655afb94862979b703c0b0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-313-ec2_2.6.32-313.26_i386.deb
      Size/MD5:   656470 c34756e6bff43f09d721b0dbe63cc0a4
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-313-ec2_2.6.32-313.26_i386.deb
      Size/MD5: 19230428 7dd28c8c0238f99f31bcfab4f9fc8433
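
Added example, not part of the notice: a shell function that maps a host's running kernel release and installed linux-ec2 image version onto the states the update instructions distinguish (fix not installed, installed but reboot pending, fixed). The function names and output labels are assumptions; the fixed version 2.6.32-313.26 is taken from the notice.

```shell
#!/bin/sh
# Added example (not from the notice). Version numbers come from USN-1080-2;
# function names and output labels are illustrative assumptions.
FIXED_ABI=313      # from linux-image-2.6.32-313-ec2
FIXED_UPLOAD=26    # from package version 2.6.32-313.26

is_num() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# usn1080_check RUNNING INSTALLED
#   RUNNING   : `uname -r` output, e.g. 2.6.32-312-ec2
#   INSTALLED : version of the newest installed linux-ec2 image package,
#               e.g. 2.6.32-313.26
# Prints: not-applicable | unknown | update-needed | reboot-needed | fixed
usn1080_check() {
    running=$1; installed=$2
    # Only the 2.6.32 EC2 flavour (Ubuntu 10.04 LTS) is covered by this notice.
    case $running in
        2.6.32-*-ec2) ;;
        *) echo not-applicable; return 0 ;;
    esac
    run_abi=${running#2.6.32-}; run_abi=${run_abi%-ec2}
    # Split "2.6.32-ABI.UPLOAD" into its two numeric fields.
    case $installed in
        2.6.32-*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    rest=${installed#2.6.32-}
    inst_abi=${rest%%.*}; inst_upload=${rest#*.}
    if ! is_num "$run_abi" || ! is_num "$inst_abi" || ! is_num "$inst_upload"; then
        echo unknown; return 0
    fi
    # Installed package older than 2.6.32-313.26: the fix is not on disk yet.
    if [ "$inst_abi" -lt "$FIXED_ABI" ] ||
       { [ "$inst_abi" -eq "$FIXED_ABI" ] && [ "$inst_upload" -lt "$FIXED_UPLOAD" ]; }; then
        echo update-needed; return 0
    fi
    # Fix is on disk, but the old kernel stays in memory until the reboot.
    if [ "$run_abi" -lt "$inst_abi" ]; then
        echo reboot-needed
    else
        echo fixed
    fi
}
```

On a host, pass it `uname -r` and the output of `dpkg-query -W -f='${Version}' linux-image-2.6.32-313-ec2`. `uname -r` does not carry the upload number, so a running ABI equal to the installed one is reported as fixed.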