Ubuntu Update for Linux kernel vulnerabilities USN-1284-2

Please Install the Updated Packages.

USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. (CVE-2011-3152) David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. (CVE-2011-3154) This update also adds a hotfix to Update Notifier to handle cases where the upgrade is being performed from CD media.

update-manager on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-February/001592.html

---

Updated on 2015-03-25