Linux kernel (EC2) vulnerabilities

2014-11-25T00:00:00
ID USN-2416-1
Type ubuntu
Reporter Ubuntu
Modified 2014-11-25T00:00:00

Description

Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608)

Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (CVE-2014-7975)