What is the severity of USN-1805-1?

USN-1805-1 is classified as a medium severity vulnerability due to the potential for local information disclosure.

How do I fix USN-1805-1?

To remediate USN-1805-1, users should upgrade to the linux-image packages version 2.6.32-46.108 or later for Ubuntu 10.04.

What systems are affected by USN-1805-1?

USN-1805-1 affects several linux-image packages on Ubuntu 10.04, including generic, virtual, and server versions.

Who discovered the vulnerability in USN-1805-1?

Mathias Krause discovered the information leak vulnerability described in USN-1805-1.

Is USN-1805-1 related to CVE-2012-6542?

Yes, USN-1805-1 addresses CVE-2012-6542, which involves an information leak in the getsockname implementation for Logical Link Layer sockets.

Vulnerability/
USN-1805-1

19/4/2013

USN-1805-1: Linux kernel vulnerabilities

First published: Fri Apr 19 2013(Updated: )

Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. (CVE-2012-6542) Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. (CVE-2012-6544) Mathias Krause discovered information leaks in the Linux kernel's Bluetooth RFCOMM protocol implementation. A local user could exploit these flaws to examine parts of kernel memory. (CVE-2012-6545) Mathias Krause discovered information leaks in the Linux kernel's Asynchronous Transfer Mode (ATM) networking stack. A local user could exploit these flaws to examine some parts of kernel memory. (CVE-2012-6546) Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6548) Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. (CVE-2013-0228) An information leak was discovered in the Linux kernel's Bluetooth stack when HIDP (Human Interface Device Protocol) support is enabled. A local unprivileged user could exploit this flaw to cause an information leak from the kernel. (CVE-2013-0349) A flaw was discovered in the Edgeort USB serial converter driver when the device is disconnected while it is in use. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1774) Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potential escalate privilege to the host kernel level. (CVE-2013-1796)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-2.6.32-46-sparc64	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-generic	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-virtual	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-powerpc	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-generic-pae	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-powerpc64-smp	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-preempt	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-server	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-lpia	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-ia64	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-versatile	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-powerpc-smp	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-386	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04
All of
ubuntu/linux-image-2.6.32-46-sparc64-smp	<2.6.32-46.108	2.6.32-46.108
Ubuntu 22.04 LTS	=10.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-1805-1?
USN-1805-1 is classified as a medium severity vulnerability due to the potential for local information disclosure.
How do I fix USN-1805-1?
To remediate USN-1805-1, users should upgrade to the linux-image packages version 2.6.32-46.108 or later for Ubuntu 10.04.
What systems are affected by USN-1805-1?
USN-1805-1 affects several linux-image packages on Ubuntu 10.04, including generic, virtual, and server versions.
Who discovered the vulnerability in USN-1805-1?
Mathias Krause discovered the information leak vulnerability described in USN-1805-1.
Is USN-1805-1 related to CVE-2012-6542?
Yes, USN-1805-1 addresses CVE-2012-6542, which involves an information leak in the getsockname implementation for Logical Link Layer sockets.

agent/severity
agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu 22.04 lts
version/ubuntu 22.04 lts/10.04