Ubuntu update for linux-ec2

by Carol~ Moderator - 12/5/12 3:08 PM

In Reply to: VULNERABILITIES / FIXES - December 05, 2012 by Carol~ Moderator

Release Date: 2012-12-05

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.10

Description:
Ubuntu has issued an update for linux-ec2. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The weakness is caused due to a divide-by-zero error within the "tcp_illinois_info()" function (net/ipv4/tcp_illinois.c) when reading TCP stats and can be exploited to cause a kernel oops.

Solution:
Apply updated packages.

Provided and/or discovered by:
The vendor credits Rodrigo Freire, Red Hat.

Original Advisory:
USN-1653-1:
http://www.ubuntu.com/usn/usn-1653-1/

http://thread.gmane.org/gmane.linux.network/247871

http://secunia.com/advisories/51470/