CVE-2011-2494 Kernel Vulnerability fixed in 3.0.0-13

The CVE-2011-2494 Kernel Vulnerability that affected kernel 3.0.0 (as used in Ubuntu 11.10) has been fixed in version 3.0.0-13 (which will now come through as an automatic update) … the bug allowed an attacker with “local” access (ie. sat at your PC’s keyboard) to gain access to private data through a vulnerability in taskstats.

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.

Mentioned here:


amongst many other places.

So if you’re running Ubuntu 11.10 (or any other distro with an earlier version 3 kernel) … run Update manager to get the latest updates :wink: