Page 1: News Post
An Ubuntu Security Notice from March 17, 2010 mentions some vulnerabilities in the kernels used by Ubuntu-based distributions from 8.04 to 9.10; the 6.06 release is affected, too. (Ubuntu 7.04 and 7.10 were not mentioned, but they are no longer supported anyway.)
They are all local attacks; none of the listed attacks can be invoked by a remote attacker. All of them can, however, lead to a denial of service condition if successfully exploited by a local attacker.
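If you are using Ubuntu but aren't sure which release you're using, you can run:
Code
lsb_release -a
to find your installation's release information.
Also, you can run:
Code
uname -r
to show the kernel currently in use by your system.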
Quote
Details follow:
Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)
Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)
Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)
Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)
Jerome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)
Source: USN-914-1