USN-1829-1: Linux kernel (EC2) vulnerabilities
First published: Thu May 16 2013(Updated: )
Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549) Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. (CVE-2013-1826) A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860) An information leak was discovered in the Linux kernel's /dev/dvb device. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-1928) An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.32-352-ec2 | <2.6.32-352.65 | 2.6.32-352.65 |
| Ubuntu gir1.2-packagekitglib-1.0 | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2012-6549
- https://ubuntu.com/security/CVE-2013-1826
- https://ubuntu.com/security/CVE-2013-1860
- https://ubuntu.com/security/CVE-2013-1928
- https://ubuntu.com/security/CVE-2013-2634
- https://ubuntu.com/security/notices/USN-1812-1
- https://ubuntu.com/security/notices/USN-1809-1
- https://ubuntu.com/security/notices/USN-1813-1
- https://ubuntu.com/security/notices/USN-1814-1
- https://ubuntu.com/security/notices/USN-1824-1
- https://ubuntu.com/security/notices/USN-1811-1
- https://ubuntu.com/security/notices/USN-1648-1
- https://ubuntu.com/security/notices/USN-1644-1
- https://ubuntu.com/security/notices/USN-1649-1
- https://ubuntu.com/security/notices/USN-1645-1
- https://ubuntu.com/security/notices/USN-1646-1
- https://ubuntu.com/security/notices/USN-1647-1
- https://ubuntu.com/security/notices/USN-1652-1
- https://ubuntu.com/security/notices/USN-1704-1
- https://ubuntu.com/security/notices/USN-1673-1
- https://ubuntu.com/security/notices/USN-1671-1
- https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-352.65
- https://ubuntu.com/security/notices/USN-1829-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-1829-1?
The severity of USN-1829-1 is classified as a medium risk due to the potential for local users to exploit the information leak.
How do I fix USN-1829-1?
To fix USN-1829-1, you should update your system to the patched version of the linux-image package, specifically 2.6.32-352.65 or higher.
What systems are affected by USN-1829-1?
USN-1829-1 affects Ubuntu 10.04 systems running the linux-image-2.6.32-352-ec2 package.
What CVEs are associated with USN-1829-1?
USN-1829-1 addresses multiple CVEs, including CVE-2012-6549, CVE-2013-1826, and CVE-2013-1860.
Who discovered the vulnerabilities in USN-1829-1?
The vulnerabilities in USN-1829-1 were discovered by researcher Mathias Krause.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/10.04