Test ID:	1.3.6.1.4.1.25623.1.0.70912
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1193-1 (linux-image-2.6.38-11-generic)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to linux-image-2.6.38-11-generic announced via advisory USN-1193-1. Details: Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: linux-image-2.6.38-11-generic 2.6.38-11.48 linux-image-2.6.38-11-generic-pae 2.6.38-11.48 linux-image-2.6.38-11-omap 2.6.38-11.48 linux-image-2.6.38-11-powerpc 2.6.38-11.48 linux-image-2.6.38-11-powerpc-smp 2.6.38-11.48 linux-image-2.6.38-11-powerpc64-smp 2.6.38-11.48 linux-image-2.6.38-11-server 2.6.38-11.48 linux-image-2.6.38-11-versatile 2.6.38-11.48 linux-image-2.6.38-11-virtual 2.6.38-11.48 http://www.securityspace.com/smysecure/catid.html?in=USN-1193-1 CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:NR/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1577 1025355 http://securitytracker.com/id?1025355 20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel http://www.securityfocus.com/archive/1/517477/100/0/threaded 47343 http://www.securityfocus.com/bid/47343 8238 http://securityreason.com/securityalert/8238 FEDORA-2011-7823 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html RHSA-2011:0833 http://rhn.redhat.com/errata/RHSA-2011-0833.html [mm-commits] 20110412 + fs-partitions-efic-corrupted-guid-partition-tables-can-cause-kernel-oops.patch added to -mm tree http://www.spinics.net/lists/mm-commits/msg83274.html [oss-security] 20110412 CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops http://openwall.com/lists/oss-security/2011/04/12/17 [oss-security] 20110413 Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops http://openwall.com/lists/oss-security/2011/04/13/1 http://downloads.avaya.com/css/P8/documents/100145416 https://bugzilla.redhat.com/show_bug.cgi?id=695976 kernel-guid-dos(66773) https://exchange.xforce.ibmcloud.com/vulnerabilities/66773 Common Vulnerability Exposure (CVE) ID: CVE-2011-1581 1025558 http://securitytracker.com/id?1025558 [oss-security] 20110413 CVE request - kernel: bonding: Incorrect TX queue offset http://openwall.com/lists/oss-security/2011/04/13/4 [oss-security] 20110413 Re: CVE request - kernel: bonding: Incorrect TX queue offset http://openwall.com/lists/oss-security/2011/04/13/16 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 https://bugzilla.redhat.com/show_bug.cgi?id=696029 Common Vulnerability Exposure (CVE) ID: CVE-2011-2484 48383 http://www.securityfocus.com/bid/48383 [linux-kernel] 20110616 [PATCH] taskstats: don't allow duplicate entries in listener mode http://lists.openwall.net/linux-kernel/2011/06/16/605 [oss-security] 20110622 CVE request: kernel: taskstats local DoS http://openwall.com/lists/oss-security/2011/06/22/1 [oss-security] 20110622 Re: CVE request: kernel: taskstats local DoS http://openwall.com/lists/oss-security/2011/06/22/2 https://bugzilla.redhat.com/show_bug.cgi?id=715436 kernel-taskstats-dos(68150) https://exchange.xforce.ibmcloud.com/vulnerabilities/68150 Common Vulnerability Exposure (CVE) ID: CVE-2011-2493 [oss-security] 20110624 Re: CVE request: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info http://www.openwall.com/lists/oss-security/2011/06/24/4 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0449641130f5652b344ef6fa39fa019d7e94660a https://github.com/torvalds/linux/commit/0449641130f5652b344ef6fa39fa019d7e94660a
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.