
Security vulnerabilities in the kernel of the Ubuntu 10.04 LTS operating system

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2108-1
February 18, 2014

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

A flaw was discovered in the Linux kernel’s compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the data
stored on the device. (CVE-2013-6383)

mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg
system calls in the Linux kernel. An unprivileged local user could exploit
this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7263)

mpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)
of the Linux kernel. A local user could exploit this flaw to obtain
sensitive information from kernel stack memory. (CVE-2013-7264)

mpb reported an information leak in the Phone Network protocol (phonet) in
the Linux kernel. A local user could exploit this flaw to obtain sensitive
information from kernel stack memory. (CVE-2013-7265)

mpb reported an information leak in the Low-Rate Wireless Personal Area
Networks support (IEEE 802.15.4) in the Linux kernel. A local user could
exploit this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7281)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-361-ec2 2.6.32-361.74

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2108-1
CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265,
CVE-2013-7281

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-361.74


==========================================================================
Ubuntu Security Notice USN-2107-1
February 18, 2014

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A flaw was discovered in the Linux kernel’s compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the data
stored on the device. (CVE-2013-6383)

mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg
system calls in the Linux kernel. An unprivileged local user could exploit
this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7263)

mpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)
of the Linux kernel. A local user could exploit this flaw to obtain
sensitive information from kernel stack memory. (CVE-2013-7264)

mpb reported an information leak in the Phone Network protocol (phonet) in
the Linux kernel. A local user could exploit this flaw to obtain sensitive
information from kernel stack memory. (CVE-2013-7265)

mpb reported an information leak in the Low-Rate Wireless Personal Area
Networks support (IEEE 802.15.4) in the Linux kernel. A local user could
exploit this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7281)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-56-386 2.6.32-56.118
linux-image-2.6.32-56-generic 2.6.32-56.118
linux-image-2.6.32-56-generic-pae 2.6.32-56.118
linux-image-2.6.32-56-ia64 2.6.32-56.118
linux-image-2.6.32-56-lpia 2.6.32-56.118
linux-image-2.6.32-56-powerpc 2.6.32-56.118
linux-image-2.6.32-56-powerpc-smp 2.6.32-56.118
linux-image-2.6.32-56-powerpc64-smp 2.6.32-56.118
linux-image-2.6.32-56-preempt 2.6.32-56.118
linux-image-2.6.32-56-server 2.6.32-56.118
linux-image-2.6.32-56-sparc64 2.6.32-56.118
linux-image-2.6.32-56-sparc64-smp 2.6.32-56.118
linux-image-2.6.32-56-versatile 2.6.32-56.118
linux-image-2.6.32-56-virtual 2.6.32-56.118

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2107-1
CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265,
CVE-2013-7281

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-56.118

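Added example, not part of either notice: a check of installed kernel image packages against the fixed versions listed in USN-2108-1 and USN-2107-1, which also flags a host that has the update installed but is still running the old kernel because it has not been rebooted. The function names, the simplified numeric version comparison and the sample package list (including version 2.6.32-55.117) are assumptions constructed for illustration.

```python
import re

# Fixed versions from the two notices (Ubuntu 10.04 LTS).
FIXED_EC2 = (2, 6, 32, 361, 74)   # USN-2108-1: linux-ec2 2.6.32-361.74
FIXED_STD = (2, 6, 32, 56, 118)   # USN-2107-1: linux 2.6.32-56.118

# Constructed sample: update installed, older kernel package still present.
SAMPLE = """\
linux-image-2.6.32-55-generic 2.6.32-55.117
linux-image-2.6.32-56-generic 2.6.32-56.118
"""


def vtuple(version):
    """Numeric fields only; a simplification of Debian version ordering."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def audit(dpkg_lines, running_release):
    """Return (package, version, patched, running) per installed kernel image.

    dpkg_lines: output of
        dpkg-query -W -f='${Package} ${Version}\\n' 'linux-image-2.6.32-*'
    running_release: output of `uname -r`, e.g. '2.6.32-56-generic'
    """
    rows = []
    for line in dpkg_lines.splitlines():
        parts = line.split()
        # Skip entries without a version (package known but not installed).
        if len(parts) != 2 or not parts[0].startswith("linux-image-2.6.32-"):
            continue
        pkg, ver = parts
        fixed = FIXED_EC2 if pkg.endswith("-ec2") else FIXED_STD
        rows.append((pkg, ver, vtuple(ver) >= fixed,
                     pkg == "linux-image-" + running_release))
    return rows


def running_kernel_exposed(rows):
    """True unless the running kernel's package is installed at a fixed version."""
    return not any(patched and running for _, _, patched, running in rows)


if __name__ == "__main__":
    before_reboot = audit(SAMPLE, "2.6.32-55-generic")
    for row in before_reboot:
        print(row)
    print("reboot or update still required:", running_kernel_exposed(before_reboot))
```
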

Author: Marko Stanec
Cert ID: NCERT-REF-2014-02-0006-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/