Linux kernel flaws and various security issues fixed in the most recent Ubuntu update
Several important security vulnerabilities were fixed recently in an Ubuntu update, including a large number of Linux kernel flaws as well as a remotely exploitable font flaw. The font flaw allowed attackers to run arbitrary code on the target machine, putting the system and its data at risk.
According to a post on the Ubuntu Advisory, developers found that libXfont mishandled certain malformed BDF fonts, which allowed an attacker to execute arbitrary code and gain privileges. Installing the latest updates should fix the problem. The font vulnerability affected five different Ubuntu versions: 10.04, 12.04, 12.10, 13.04 and 13.10. Users are encouraged to reset the compiler options to their default values, since this may reduce the impact of the vulnerability to minimal damage.
Alongside the font vulnerability, other flaws were fixed, some locally and some remotely exploitable. These affected Ubuntu 10.04 and 12.04.
One of the flaws allowed an unprivileged local user to exploit an error in the Linux kernel's UFO (UDP Fragmentation Offload) handling to cause a denial of service or even gain administrative privileges. Another flaw enabled local users with the CAP_NET_ADMIN capability to cause the same damage. Additionally, a flaw in the driver for Beceem WIMAX chipset devices allowed attackers to gain access to sensitive information stored in kernel memory.
Furthermore, another issue, in the handling of different memory regions by the kernel virtual machine subsystem, allowed unwanted access, which may have caused a denial of service. Another report described a buffer overflow in the kernel's radiotap code, which a remote attacker could have used, with the help of a custom-crafted header, to cause a denial of service.
On top of that, a flaw in the kernel's userspace IO driver gave a local user the means to gain privileges or cause a denial of service. One other flaw, this time in the debugfs system, allowed system admins to cause a denial of service on targeted systems.
Ten different vulnerabilities were patched for 12.04, two of them remotely exploitable. One was a buffer overflow in the kernel. According to the Ubuntu Advisory, a remote attacker could cause a denial of service just by using a specially crafted header. The other remote exploit was found in the kernel's dm snapshot facility. In this case, the flaw allowed the attacker to access and corrupt sensitive data stored on an Ubuntu-based computer.
Everyone using the Ubuntu versions listed above is urged to update to the latest versions. Additionally, if other issues are encountered, users are welcome to send relevant information to the Ubuntu developers, who will surely take care of them as fast as possible.