New Kernel Vulnerabilities Affect Four Ubuntu OSes

All Ubuntu users are urged to upgrade their systems immediately!

By on December 1st, 2012 00:10 GMT

Canonical announced a few hours ago, November 30, that a new Linux kernel update for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 11.10 (Oneiric Ocelot) and Ubuntu 10.04 LTS (Lucid Lynx) operating systems is now available, fixing two important security vulnerabilities discovered in the Linux kernel packages by various developers.

We’re talking about the CVE-2012-0957 and CVE-2012-4565 vulnerabilities, discovered by Brad Spengler and Rodrigo Freire.

The first one, CVE-2012-0957, is related to a flaw in the Linux kernel's uname system call, which could allow unprivileged users to exploit it and read kernel stack memory.

The second one, CVE-2012-4565, is related to a flaw in the Linux kernel's TCP Illinois congestion control algorithm, which could allow a local attacker to cause a DoS (Denial of Service).

For more information you can click the vulnerabilities above, or go here, here, here and here for in-depth descriptions, as they affect other Linux operating systems as well.

The security flaws can be fixed if you upgrade your system(s) to the linux-image-3.5.0-27 (3.5.0-19.30) package(s) for Ubuntu 12.10, linux-image-3.2.0-34 (3.2.0-34.53) package(s) for Ubuntu 12.04 LTS, linux-image-3.0.0-28 (3.0.0-28.45) package(s) for Ubuntu 11.10 and linux-image-2.6.32-45 (2.6.32-45.100) package(s) for Ubuntu 10.04 LTS.

To apply the update, run the Update Manager application. Don't forget to reboot your computer after the upgrade!

ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall and recompile all third-party kernel modules you might have installed. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules which work with the new Linux kernel version.
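
The following Python check is an added example, not code from this article or from Canonical. It classifies a machine as vulnerable, awaiting reboot, or patched against the fixed package versions listed above. The function names and sample version strings are constructed for illustration, and it assumes purely numeric version components rather than implementing full Debian version ordering.

```python
import re

# Fixed package versions per Ubuntu release, taken from the parenthesised
# values in the article above.
FIXED = {
    "12.10": "3.5.0-19.30",
    "12.04": "3.2.0-34.53",
    "11.10": "3.0.0-28.45",
    "10.04": "2.6.32-45.100",
}

def parse(version):
    """Turn '3.2.0-34.53' or '3.2.0-34-generic' into a tuple of integers.

    Assumption: these kernel versions are purely numeric, so integer-tuple
    comparison stands in for the full Debian version-ordering algorithm.
    """
    m = re.match(r"(\d+(?:\.\d+)*)-(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised kernel version: {version!r}")
    upstream = tuple(int(p) for p in m.group(1).split("."))
    abi = int(m.group(2))
    upload = int(m.group(3)) if m.group(3) else 0
    return upstream + (abi, upload)

def kernel_status(release, installed_pkg, running_release):
    """Return 'vulnerable', 'reboot-required' or 'patched'.

    installed_pkg: newest installed linux-image package version.
    running_release: output of `uname -r`, e.g. '3.2.0-33-generic'.
    """
    fixed = parse(FIXED[release])
    if parse(installed_pkg) < fixed:
        return "vulnerable"
    # `uname -r` carries the upstream version and ABI number but not the
    # upload number. The article says this update changes the ABI, so a
    # running kernel with an older ABI is still the pre-update kernel.
    if parse(running_release)[:-1] < fixed[:-1]:
        return "reboot-required"
    return "patched"

if __name__ == "__main__":
    # Constructed sample: package upgraded on 12.04, machine not yet rebooted.
    print(kernel_status("12.04", "3.2.0-34.53", "3.2.0-33-generic"))
```

On a real system the two inputs would come from the package manager's record of the installed linux-image package and from `uname -r`.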
