Ubuntu Update For Linux USN-2282-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608)

Affected

linux on Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-July/002588.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3917, CVE-2014-4608, CVE-2014-4943
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for linux USN-2282-1

Take action and discover your vulnerabilities