Ubuntu Update For Linux USN-2356-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472)

Affected

linux on Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002670.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
CVSS Base Score: 4.3
AV:A/AC:H/Au:S/C:N/I:N/A:C

Related Vulnerabilities

Ubuntu Update for linux USN-2356-1

Take action and discover your vulnerabilities