View Full Version : USN-662-2: Ubuntu kernel modules vulnerability

November 7th, 2008, 02:40 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-662-2 November 06, 2008 linux-ubuntu-modules-2.6.22/24 vulnerability CVE-2008-4395 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: linux-ubuntu-modules-2.6.22-15-386 2.6.22-15.40 linux-ubuntu-modules-2.6.22-15-generic 2.6.22-15.40 linux-ubuntu-modules-2.6.22-15-rt 2.6.22-15.40 linux-ubuntu-modules-2.6.22-15-server 2.6.22-15.40 Ubuntu 8.04 LTS: linux-ubuntu-modules-2.6.24-21-386 2.6.24-21.33 linux-ubuntu-modules-2.6.24-21-generic 2.6.24-21.33 linux-ubuntu-modules-2.6.24-21-rt 2.6.24-21.33 linux-ubuntu-modules-2.6.24-21-server 2.6.24-21.33 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: USN-662-1 fixed vulnerabilities in ndiswrapper in Ubuntu 8.10. This update provides the corresponding updates for Ubuntu 8.04 and 7.10. Original advisory details: Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. For a system using ndiswrapper, a physically near-by attacker could generate specially crafted wireless network traffic and execute arbitrary code with root privileges. (CVE-2008-4395)

More... (http://www.ubuntu.com/usn/usn-662-2)