PDA

View Full Version : USN-578-1: Linux kernel vulnerabilities



rss-bot
February 14th, 2008, 07:20 AM
Referenced CVEs:
CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001


Description:
================================================== ========= Ubuntu Security Notice USN-578-1 February 14, 2008 linux-source-2.6.15 vulnerabilities CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-51-386 2.6.15-51.66 linux-image-2.6.15-51-686 2.6.15-51.66 linux-image-2.6.15-51-amd64-generic 2.6.15-51.66 linux-image-2.6.15-51-amd64-k8 2.6.15-51.66 linux-image-2.6.15-51-amd64-server 2.6.15-51.66 linux-image-2.6.15-51-amd64-xeon 2.6.15-51.66 linux-image-2.6.15-51-hppa32 2.6.15-51.66 linux-image-2.6.15-51-hppa32-smp 2.6.15-51.66 linux-image-2.6.15-51-hppa64 2.6.15-51.66 linux-image-2.6.15-51-hppa64-smp 2.6.15-51.66 linux-image-2.6.15-51-itanium 2.6.15-51.66 linux-image-2.6.15-51-itanium-smp 2.6.15-51.66 linux-image-2.6.15-51-k7 2.6.15-51.66 linux-image-2.6.15-51-mckinley 2.6.15-51.66 linux-image-2.6.15-51-mckinley-smp 2.6.15-51.66 linux-image-2.6.15-51-powerpc 2.6.15-51.66 linux-image-2.6.15-51-powerpc-smp 2.6.15-51.66 linux-image-2.6.15-51-powerpc64-smp 2.6.15-51.66 linux-image-2.6.15-51-server 2.6.15-51.66 linux-image-2.6.15-51-server-bigiron 2.6.15-51.66 linux-image-2.6.15-51-sparc64 2.6.15-51.66 linux-image-2.6.15-51-sparc64-smp 2.6.15-51.66 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-386, linux-powerpc, linux-amd64-generic), a standard system upgrade will automatically perform this as well. Details follow: The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058) Alexander Schulze discovered that the skge driver does not properly use the spin_lock and spin_unlock functions. Remote attackers could exploit this by sending a flood of network traffic and cause a denial of service (crash). (CVE-2006-7229) Hugh Dickins discovered that hugetlbfs performed certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE. A local user could exploit this and cause a denial of service via kernel panic. (CVE-2007-4133) Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. (CVE-2007-4997) Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. (CVE-2007-5093) Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. (CVE-2007-5500) Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063) It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151) Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206) Hugh Dickins discovered the when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417) Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001)





More... (http://www.ubuntu.com/usn/usn-578-1)