USN-1054-1

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-28-386 2.6.32-28.55
linux-image-2.6.32-28-generic 2.6.32-28.55
linux-image-2.6.32-28-generic-pae 2.6.32-28.55
linux-image-2.6.32-28-ia64 2.6.32-28.55
linux-image-2.6.32-28-lpia 2.6.32-28.55
linux-image-2.6.32-28-powerpc 2.6.32-28.55
linux-image-2.6.32-28-powerpc-smp 2.6.32-28.55
linux-image-2.6.32-28-powerpc64-smp 2.6.32-28.55
linux-image-2.6.32-28-preempt 2.6.32-28.55
linux-image-2.6.32-28-server 2.6.32-28.55
linux-image-2.6.32-28-sparc64 2.6.32-28.55
linux-image-2.6.32-28-sparc64-smp 2.6.32-28.55
linux-image-2.6.32-28-versatile 2.6.32-28.55
linux-image-2.6.32-28-virtual 2.6.32-28.55
linux-image-2.6.32-312-ec2 2.6.32-312.24

Ubuntu 10.10:
linux-image-2.6.35-25-generic 2.6.35-25.44
linux-image-2.6.35-25-generic-pae 2.6.35-25.44
linux-image-2.6.35-25-omap 2.6.35-25.44
linux-image-2.6.35-25-powerpc 2.6.35-25.44
linux-image-2.6.35-25-powerpc-smp 2.6.35-25.44
linux-image-2.6.35-25-powerpc64-smp 2.6.35-25.44
linux-image-2.6.35-25-server 2.6.35-25.44
linux-image-2.6.35-25-versatile 2.6.35-25.44
linux-image-2.6.35-25-virtual 2.6.35-25.44

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Details follow:

Gleb Napatov discovered that KVM did not correctly check certain
privileged operations. A local attacker with access to a guest kernel
could exploit this to crash the host system, leading to a denial of
service. (CVE-2010-0435)

Steve Chen discovered that setsockopt did not correctly check MSS values.
A local attacker could make a specially crafted socket call to crash
the system, leading to a denial of service. (CVE-2010-4165)

Dave Jones discovered that the mprotect system call did not correctly
handle merged VMAs. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4169)

Vegard Nossum discovered that memory garbage collection was not
handled correctly for active sockets. A local attacker could exploit
this to allocate all available kernel memory, leading to a denial of
service. (CVE-2010-4249)