Ubuntu Update For Linux USN-2283-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608)

Affected

linux on Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-July/002589.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0131, CVE-2014-4608, CVE-2014-4943
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for linux USN-2283-1

Take action and discover your vulnerabilities