The update patches a security issue that affects the Linux kernel packages used in Ubuntu 12.04 LTS, linux-image-3.2.0, as well as any of its official or unofficial derivatives, such as Xubuntu, Kubuntu, Edubuntu, etc.
The kernel vulnerability has been discovered by Andrey Konovalov in the ALSA USB MIDI driver of the upstream Linux 3.2 kernel packages, which incorrectly performed a double-free.
A local attacker could have exploited the security issue if he had had physical access to the vulnerable machine running Ubuntu 12.04 LTS to crash the system by causing a denial of service (DoS) or execute code with root privileges.
Canonical urges all users of the Ubuntu 12.04 LTS (Precise Pangolin) operating system and its derivatives using the linux-image-3.2.0 kernel to update their systems to linux-image-3.2.0-101 (3.2.0-101.141) as soon as possible.
Source: http://linux.softpedia.com/blog/canonical-patches-alsa-usb-midi-linux-kernel-driver-issue-in-ubuntu-12-04-lts-501721.shtml
Submitted by: Arnfried Walbrecht
Comments are closed.