[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050114143014.GA946@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-60-0] Linux kernel vulnerabilities
===========================================================
Ubuntu Security Notice USN-60-0 January 14, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0001
http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp
linux-patch-debian-2.6.8.1
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.10. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
CAN-2005-0001:
Paul Starzetz discovered a race condition in the Linux page fault
handler code. This allowed an unprivileged user to gain root
privileges on multiprocessor machines under some circumstances.
This also affects the Hyper-Threading mode on Pentium 4 processors.
http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html:
Brad Spengler discovered that some device drivers used
copy_from_user() (a function to copy data from userspace tools into
kernel memory) with insufficient input validation. This potentially
allowed users and/or malicious hardware to overwrite kernel memory
which could result in a crash (Denial of Service) or even root
privilege escalation.
Additionally, this update corrects the SMB file system driver.
USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883,
CAN-2004-0949). However, it was found that these new validation checks
were too strict, which cause some valid operations to fail.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.diff.gz
Size/MD5: 3124783 7baba6f520b34239295eec86ceeadb57
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.dsc
Size/MD5: 2121 78646f13bd7c123b1e1e1aee212a19b0
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.10_all.deb
Size/MD5: 6157246 2557a8f542a6e9ccc5bbbe537a09f24d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.10_all.deb
Size/MD5: 1480818 7095633ace504dd73613917c5e4d821b
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10_all.deb
Size/MD5: 36717852 f5e6d31457d3d01b36d9c3d097a245bf
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.10_all.deb
Size/MD5: 307276 785cc9563aeb987ac56d04c5860c4583
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb
Size/MD5: 247434 6588a9beca0665c21bce6e0c35ef5eef
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb
Size/MD5: 242972 ef0192b74166eda7c85faae0f961a2cb
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb
Size/MD5: 246506 fa75cfaa15ba3ff9c5b11f4945a4c5ec
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb
Size/MD5: 241342 decfc1908a591a25b4e9e1be8f0e3649
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_amd64.deb
Size/MD5: 3178078 1251cdcd9878ff7bdce13488ad574d8f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb
Size/MD5: 14353334 8d4512da15329f410b45c67cbd42bf0b
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb
Size/MD5: 14828790 e3d54c2f7c767aebc1a063cc27af0811
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb
Size/MD5: 14861886 6122cebafa9bff7fb91671970c556cfe
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb
Size/MD5: 14684698 3f5b386a6e40f80516f9e59db20c6692
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb
Size/MD5: 276196 fe47ff520d0d798cbaa81dcc2b1f6e86
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb
Size/MD5: 270874 cbe52b86d908e1255272d175f9f651d1
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb
Size/MD5: 274050 5a2535d1895d13f7adb5f919f07dcb8a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb
Size/MD5: 271178 faec7f6dca98fb4ddb29973f5171c64a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb
Size/MD5: 274106 f8a767051d9d65afb6743930b393245b
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_i386.deb
Size/MD5: 3218786 f9647906a4382578efd19a510f2e9941
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb
Size/MD5: 15495688 e7c081897718ab829beb87aa032e6f01
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb
Size/MD5: 16344846 d47cd6269296488515904a9f4a644e78
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb
Size/MD5: 16511876 c2a701f2502e20973578a5a0f863c41c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb
Size/MD5: 16446858 182c5641b7f9b3b4b2a4e78fb5a934d0
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb
Size/MD5: 16573412 e3f3c2326e434cc5137ccd324fd269a5
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb
Size/MD5: 212200 e55327823c7403f3a51e232be3914a8d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb
Size/MD5: 212922 0ad9bd97d8ac7a6f8241da8df3d5fcc6
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb
Size/MD5: 211924 06b25a4fe260d751a0e5be41889a0995
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb
Size/MD5: 212686 fe70bb59a88058a20e8037fe534434a0
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb
Size/MD5: 212592 59067dc10494c585f5d9020875fba9b2
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb
Size/MD5: 214104 363a3e0b5f3921c8b7af2c1afddeab29
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_powerpc.deb
Size/MD5: 3296108 aabb6a794c2a1af565627706373bc574
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb
Size/MD5: 16366144 618e5fc502020f41e04e7bd892d8d275
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb
Size/MD5: 15943176 0a5197aa75406791e30c5106e60e03ba
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb
Size/MD5: 16353386 36091d4d463c74a680b6124dd63a46bc
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb
Size/MD5: 15925318 96e7fa989818b59c8d567f014545901c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb
Size/MD5: 16288048 b50e240bf758725c9fdebd1c2dce903c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb
Size/MD5: 15975940 c7b20be7720832a8714101336f20db3c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050114/b9c0214b/attachment.bin
Powered by blists - more mailing lists