Message-ID: <20041216170830.GA15512@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-39-1] Linux amd64 kernel vulnerability

===========================================================
Ubuntu Security Notice USN-39-1		  December 16, 2004
linux-source-2.6.8.1 vulnerability
CAN-2004-1074, USN-30-1
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.4.  You need to reboot the computer after
performing a standard system upgrade to effect the necessary changes.

Details follow:

USN-30-1 fixed several flaws in the Linux ELF binary loader's handling
of setuid binaries. Unfortunately it was found that these patches were
not sufficient to prevent all possible attacks on 64-bit platforms, so
previous amd64 kernel images were still vulnerable to root privilege
escalation if setuid binaries were run under certain conditions.

This issue does not affect the i386 and powerpc platforms.
