Thanks for the information.
I still don't understand how to interpret the vulnerability information from Canonical, for example how to use it to confirm that CVE-2013-2094 has been cleared for my Ubuntus (I check for updates every day).
Link 2 http://people.canonical.com/~ubuntu-...2013-2094.html in my original post has this at the top:
Clicking on http://www.ubuntu.com/usn/usn-1825-1 in the References section brings up:
The perf_swevent_init function in kernel/events/core.c in the Linux kernel
before 3.8.9 uses an incorrect integer data type, which allows local users
to gain privileges via a crafted perf_event_open system call.
Then finally clicking linux-image-3.2.0-43-generic brings up:
Ubuntu Security Notice USN-1825-1
15th May, 2013
Ubuntu 12.04 LTS
The problem can be corrected by updating your system to the
following package version:
Ubuntu 12.04 LTS:
“linux” package in Ubuntu
block-modules-3.8.0-19-generic-di: Block storage devices
crypto-modules-3.8.0-19-generic-di: crypto modules
linux-headers-3.8.0-19: Header files related to Linux kernel version 3.8.0
linux-headers-3.8.0-19-generic: Linux kernel headers for version 3.8.0 on ARM (hard float) SMP
linux-image-3.8.0-19-generic: Linux kernel image for version 3.8.0 on ARM (hard float) SMP
linux-image-extra-3.8.0-19-generic: Linux kernel image for version 3.8.0 on 32 bit x86 SMP
The Description says that Linux kernels before 3.8.9 have the CVE-2013-2094 vulnerability.
Then the number (3.2.0-43) in the linux-image (shown in the References section) cannot be
the Linux kernel because it is before 3.8.9 and still in the vulnerable version range.
Q1. What does 3.2.0-43 refer to?
Then clicking on linux-image-3.2.0-43-generic shows a list of package parts, each carrying the number
3.8.0-19, which certainly seems to be nearer 3.8.9.
Q2. What does 0-19 refer to? ...range 0 to 19? (then if it had been 3.8.9-19 I would have