Softpedia
 


February 19th, 2013, 10:59 GMT · By Silviu Stahie


Linux Kernel Amazon EC2 Vulnerability Repaired by Canonical

Canonical has announced a security vulnerability in the Linux kernel for Amazon EC2 that affects the Ubuntu 10.04 LTS (Lucid Lynx) operating system.

The vulnerability in the Linux kernel packages is tracked as CVE-2013-0190. Under certain conditions, the system could be made to crash.

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32-bit PVOPS guest can cause the guest kernel to crash or operate erroneously.

The security flaw can be fixed by upgrading your system(s) to the linux-image-2.6.32-350-ec2 (2.6.32-350.60) package.

Don't forget to reboot your computer after the upgrade!

ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall and recompile all third-party kernel modules you might have installed. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.
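A post-upgrade check for the steps above, as an added example that is not part of the original article or of Canonical's advisory: it classifies a host as needing the upgrade, needing only the reboot, or patched, from the running kernel release and the installed package versions. The function names, the sample values and the assumption that ABI 350 first shipped with the fix are illustrative.

```shell
#!/bin/sh
# Fixed build named in the article: linux-image-2.6.32-350-ec2 (2.6.32-350.60).
FIXED_ABI=350
FIXED_UPLOAD=60

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the ABI number of a Lucid EC2 kernel release ("2.6.32-350-ec2" -> 350).
# Fails for any other kernel, which this advisory does not cover.
abi_of_release() {
    case "$1" in 2.6.32-*-ec2) ;; *) return 1 ;; esac
    abi=${1#2.6.32-}; abi=${abi%-ec2}
    is_uint "$abi" && echo "$abi"
}

# Succeed if a package version ("2.6.32-350.60") is at or past the fixed build.
pkg_is_fixed() {
    case "$1" in 2.6.32-*.*) ;; *) return 1 ;; esac
    rest=${1#2.6.32-}; abi=${rest%%.*}; upload=${rest#*.}
    is_uint "$abi" && is_uint "$upload" || return 1
    [ "$abi" -gt "$FIXED_ABI" ] ||
        { [ "$abi" -eq "$FIXED_ABI" ] && [ "$upload" -ge "$FIXED_UPLOAD" ]; }
}

# $1 = running release (uname -r); $2 = installed linux-image-*-ec2 versions,
# whitespace separated. Assumption: ABI 350 first shipped with the fix, so a
# running kernel at ABI >= 350 is treated as patched.
assess() {
    run_abi=$(abi_of_release "$1") || { echo "not-applicable"; return 0; }
    if [ "$run_abi" -ge "$FIXED_ABI" ]; then echo "patched"; return 0; fi
    for v in $2; do
        if pkg_is_fixed "$v"; then echo "reboot-needed"; return 0; fi
    done
    echo "upgrade-needed"
}

# Constructed sample states (not taken from a real host).
assess "2.6.32-349-ec2" "2.6.32-349.59"                 # upgrade-needed
assess "2.6.32-349-ec2" "2.6.32-349.59 2.6.32-350.60"   # reboot-needed
assess "2.6.32-350-ec2" "2.6.32-350.60"                 # patched
assess "3.2.0-37-virtual" ""                            # not-applicable
```

On a live host the two inputs can be taken from `uname -r` and `dpkg-query -W -f='${Version}\n' 'linux-image-2.6.32-*-ec2'`. The "reboot-needed" result is the case the article warns about: the fixed package is installed but the old kernel is still running.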

READER COMMENTS:


Comment #1 by: Lewis on 20 Feb 2013, 13:27 UTC

Have you any more detail than "could cause the system to crash"? (In what way?)

Also, why would you run 32-bit on Amazon? (Would it not be easier to port the legacy applications to cloud infrastructure, because EC2 is for apps to leverage the "cloud"?)

Also, how and why would this cause a security issue (buffer overflow?)

Just very curious about some of the "fixes" that go into the mainline kernel...

Comment #1.1 by: Silviu Stahie on 20 Feb 2013, 13:46 GMT

As you would imagine, the developers are not too keen on sharing the exact method that can be used to compromise a Linux kernel, hence the vague description of the problem.

The complete description would be this one: "The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption"

You can find more details about this issue here:

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0190.html
