[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050215092150.GA28241@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-82-1] Linux kernel vulnerabilities
===========================================================
Ubuntu Security Notice USN-82-1 February 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0176, CAN-2005-0177, CAN-2005-0178
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-source-2.6.8.1
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.11. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change this kernel got a new
version number, which requires to recompile and reinstall all third
party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version.
Details follow:
CAN-2004-0176:
Michael Kerrisk noticed an insufficient permission checking in the
shmctl() function. Any process was permitted to lock/unlock any
System V shared memory segment that fell within the the
RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that
unprivileged users can acquire). This allowed am unprivileged user
process to unlock locked memory of other processes, thereby allowing
them to be swapped out. Usually locked shared memory is used to
store passphrases and other sensitive content which must not be
written to the swap space (where it could be read out even after a
reboot).
CAN-2005-0177:
OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were
incorrectly set to 128 instead of 256. This caused a buffer overflow
in some cases which could be exploited to crash the kernel.
CAN-2005-0178:
A race condition was found in the terminal handling of the
"setsid()" function, which is used to start new process sessions.
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html:
David Coulson noticed a design flaw in the netfilter/iptables module.
By sending specially crafted packets, a remote attacker could exploit
this to crash the kernel or to bypass firewall rules.
Fixing this vulnerability required a change in the Application
Binary Interface (ABI) of the kernel. This means that third party
user installed modules might not work any more with the new kernel,
so this fixed kernel has a new ABI version number. You have to
recompile and reinstall all third party modules.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.11.diff.gz
Size/MD5: 3131336 018744464a81b26a56e8ebad017a6b92
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.11.dsc
Size/MD5: 2121 1f9b1a2154269330778491713342f356
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.11_all.deb
Size/MD5: 6157384 1f8e5c04af6b4747b22a955234793868
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.11_all.deb
Size/MD5: 1487356 84c8210589ecce35d6cc4927947206cf
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.11_all.deb
Size/MD5: 36721850 700dab7df43c5fdac9d8fa20e5fc463d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.11_all.deb
Size/MD5: 307628 13c78081dbf5937951016cd11aa0c3d9
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.11_amd64.deb
Size/MD5: 247484 32e97a0231fe15be3e401b54d17287b6
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.11_amd64.deb
Size/MD5: 243346 3ebff9280b5ad3149d31b1e104ac234d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.11_amd64.deb
Size/MD5: 246658 aefe96c821df4eab05865481d9a9b492
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.11_amd64.deb
Size/MD5: 241658 3cdb542a8697652f26c3d4da698caa2c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.11_amd64.deb
Size/MD5: 3178600 8a3beb8ab0f2405524d6f25d5c991e4a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-16.11_amd64.deb
Size/MD5: 14353492 d5d99134c044eeb6db3705a371846129
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.11_amd64.deb
Size/MD5: 14829272 fe97d55924252a32e7a5998fcb7f219d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.11_amd64.deb
Size/MD5: 14862020 4e6fd1ec472e2d71be18e14373cc96a0
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-16.11_amd64.deb
Size/MD5: 14685336 4dde3f2e54ac2c782ebdb548919c8fa0
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-386_2.6.8.1-16.11_i386.deb
Size/MD5: 276618 e7515bca01afee669aa8c7d911c91ec9
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.11_i386.deb
Size/MD5: 271306 1dd684c2fcc4b51e90755d379169da7a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686_2.6.8.1-16.11_i386.deb
Size/MD5: 274344 bf6865cc48586f2106d7fe0a4cedabb6
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.11_i386.deb
Size/MD5: 271496 d00c94e11d37b9f9a8559871059a8e8e
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7_2.6.8.1-16.11_i386.deb
Size/MD5: 274504 c5b8d5d81399cf85f696dbab9cc63f56
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.11_i386.deb
Size/MD5: 3219282 3715432204a5a3bc041a107c3fab36d6
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-386_2.6.8.1-16.11_i386.deb
Size/MD5: 15495868 83b6105ee396f209626708fdace4b6b0
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.11_i386.deb
Size/MD5: 16345520 a95573b78fa75c7804717bdae413ae09
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686_2.6.8.1-16.11_i386.deb
Size/MD5: 16513502 1fd8522debd671daba5d13426ddfe527
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.11_i386.deb
Size/MD5: 16448364 19e0461812d1c04b147cd7417ab37f4a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7_2.6.8.1-16.11_i386.deb
Size/MD5: 16573500 e90a1d65c27a6b4d32c30cafc10d5297
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.11_powerpc.deb
Size/MD5: 212458 fcd0297e7895434f7c1b8a44be00826c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3_2.6.8.1-16.11_powerpc.deb
Size/MD5: 213210 1318790324114b43286969e7d1772f61
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.11_powerpc.deb
Size/MD5: 212278 6f211474930ebcabf50ce8e486b748c4
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4_2.6.8.1-16.11_powerpc.deb
Size/MD5: 212992 dc9c578a1fc49f29a344fc35c62f8dde
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.11_powerpc.deb
Size/MD5: 212934 49c3817461c65f51c98fec71d7a2171a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.11_powerpc.deb
Size/MD5: 214312 2fcedb0aa0bf9ed2e260943eb3b5d03f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.11_powerpc.deb
Size/MD5: 3296508 9b9dc2b9adc886bb5608e9ec1e8a61b6
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3-smp_2.6.8.1-16.11_powerpc.deb
Size/MD5: 16367592 d68479b96cb67d53266a596df49274b1
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3_2.6.8.1-16.11_powerpc.deb
Size/MD5: 15942424 fc5c150813918c651d574facc3cc1e28
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4-smp_2.6.8.1-16.11_powerpc.deb
Size/MD5: 16354802 ba375b1b58c7d2f66da79f4f5b9143a8
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4_2.6.8.1-16.11_powerpc.deb
Size/MD5: 15926092 3023e8dfcc225a5a05d3cfd4ff8f0e81
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-16.11_powerpc.deb
Size/MD5: 16289236 ce61fec3ae189560596423ebe8beddd4
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc_2.6.8.1-16.11_powerpc.deb
Size/MD5: 15976204 3ca936e410bdb73e3c79490efd155928
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050215/171c62df/attachment.bin
Powered by blists - more mailing lists