- Vulnerability/
- USN-1090-1
USN-1090-1: Linux kernel vulnerabilities
First published: Fri Mar 18 2011(Updated: )
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075) Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163, CVE-2010-4668)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.35-28-server | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-versatile | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-powerpc-smp | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-virtual | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-powerpc64-smp | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-powerpc | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-generic-pae | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.35-28-omap | <2.6.35-28.49 | 2.6.35-28.49 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.10 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-generic | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-powerpc-smp | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-ia64 | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-lpia | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-preempt | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-sparc64-smp | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-sparc64 | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-generic-pae | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-virtual | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-server | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-powerpc | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-386 | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-powerpc64-smp | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-30-versatile | <2.6.32-30.59 | 2.6.32-30.59 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2010-4075
- https://ubuntu.com/security/CVE-2010-4163
- https://ubuntu.com/security/CVE-2010-4668
- https://ubuntu.com/security/notices/USN-1092-1
- https://ubuntu.com/security/notices/USN-1089-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1105-1
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1187-1
- https://ubuntu.com/security/notices/USN-1086-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://launchpad.net/ubuntu/+source/linux/2.6.35-28.49
- https://launchpad.net/ubuntu/+source/linux/2.6.32-30.59
- https://ubuntu.com/security/notices/USN-1090-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-1090-1?
The severity of USN-1090-1 is categorized as high due to potential unauthorized access to sensitive kernel memory.
How do I fix USN-1090-1?
To fix USN-1090-1, update to the patched kernel version 2.6.35-28.49 or its equivalent for your system.
What systems are affected by USN-1090-1?
USN-1090-1 affects Ubuntu 10.10 systems running specific versions of the linux-image package.
What kind of attack can exploit the vulnerability in USN-1090-1?
An attacker with local access could exploit USN-1090-1 to read sensitive information from the kernel stack.
Is there a known workaround for USN-1090-1?
There are no known workarounds for USN-1090-1 other than applying the security updates.
- agent/references
- agent/severity
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/event
- agent/description
- agent/title
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/10.10
- version/ubuntu gir1.2-packagekitglib-1.0/10.04