[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050315141228.GA26207@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-95-1] Linux kernel vulnerabilities
===========================================================
Ubuntu Security Notice USN-95-1 March 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0209, CAN-2005-0210, CAN-2005-0384, CAN-2005-0529,
CAN-2005-0530, CAN-2005-0531, CAN-2005-0532, CAN-2005-0736
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.12. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.
Details follow:
A remote Denial of Service vulnerability was discovered in the
Netfilter IP packet handler. This allowed a remote attacker to crash
the machine by sending specially crafted IP packet fragments.
(CAN-2005-0209)
The Netfilter code also contained a memory leak. Certain locally
generated packet fragments are reassembled twice, which caused a
double allocation of a data structure. This could be locally exploited
to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)
Ben Martel and Stephen Blackheath found a remote Denial of Service
vulnerability in the PPP driver. This allowed a malicious pppd client
to crash the server machine. (CAN-2005-0384)
Georgi Guninski discovered a buffer overflow in the ATM driver. The
atm_get_addr() function does not validate its arguments sufficiently,
which could allow a local attacker to overwrite large portions of
kernel memory by supplying a negative length argument. This could
eventually lead to arbitrary code execution. (CAN-2005-0531)
Georgi Guninski also discovered three other integer comparison
problems in the TTY layer, in the /proc interface and the ReiserFS
driver. However, the previous Ubuntu security update (kernel version
2.6.8.1-16.11) already contained a patch which checks the arguments to
these functions at a higher level and thus prevents these flaws from
being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)
Georgi Guninski discovered an integer overflow in the sys_epoll_wait()
function which allowed local users to overwrite the first few kB of
physical memory. However, very few applications actually use this
space (dosemu is a notable exception), but potentially this could lead
to privilege escalation. (CAN-2005-0736)
Eric Anholt discovered a race condition in the Radeon DRI driver. In
some cases this allowed a local user with DRI privileges on a Radeon
card to execute arbitrary code with root privileges.
Finally this update fixes a regression in the NFS server driver
which was introduced in the previous security update (kernel version
2.6.8.1-16.11). We apologize for the inconvenience.
(https://bugzilla.ubuntulinux.org/show_bug.cgi?id=6749)
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12.diff.gz
Size/MD5: 3138173 562c678c1db3839022a46fe6707b17a2
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12.dsc
Size/MD5: 2121 ca9878e5a4300fb3d3ae973528826752
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.12_all.deb
Size/MD5: 6156398 8c909af9ca59a3ca9332e9b104550345
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.12_all.deb
Size/MD5: 1494402 7a0837f2bf959a81c654c739adbd46e9
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12_all.deb
Size/MD5: 36720352 05befe6c04d9327f92b49f8141220449
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.12_all.deb
Size/MD5: 308034 147891a0041bcf9d210915a71914d6c0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.12_amd64.deb
Size/MD5: 247896 7dd57b2064006690e2cdcad73ee68d45
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.12_amd64.deb
Size/MD5: 243798 af368e29fd8253726f4d98fc61ae8e63
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
Size/MD5: 246918 2f15a30e62829856a793e1750d1627ec
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.12_amd64.deb
Size/MD5: 242064 095a0823406b09537441e3e57bc2ab6c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.12_amd64.deb
Size/MD5: 3178994 b3837998e2015412d6a23a1767ab1f11
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-16.12_amd64.deb
Size/MD5: 14352688 c5be7b5e81a224bbe32c96f8abb4612e
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.12_amd64.deb
Size/MD5: 14828788 eb195f0cf157bfe5da0dc5b77b156c27
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
Size/MD5: 14861436 b43ddb164a0a2cc8808d1262b8d5750d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-16.12_amd64.deb
Size/MD5: 14684670 3420b9272177aece4bde1a566e894cf2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
Size/MD5: 276950 3d9f318befd4cabacf059a85c06324c0
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
Size/MD5: 271656 09e1b2b404a079852f81b4d7b6eae7bb
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
Size/MD5: 274682 9f5ae2ee5d09e85f799eaf4ea3770615
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
Size/MD5: 272144 67499c9bafe38440ee8f3f2b09b667e8
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
Size/MD5: 274840 754e3a4030ee75d3362466832849acbd
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.12_i386.deb
Size/MD5: 3219706 508896938223113ea1699aa4151b8766
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
Size/MD5: 15495248 38b990d93eaba078db891bd7404c01e7
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
Size/MD5: 16344242 89cb33e659438f4e34b68ba3c32106cd
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
Size/MD5: 16512992 4147111c66724fa8691e4b16c356ce86
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
Size/MD5: 16447442 663241c045b232b8b46ff9c5d5b2f973
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
Size/MD5: 16572538 8b8891f4526497e43eab0c173f179615
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.12_powerpc.deb
Size/MD5: 212792 cb39e28e0814976f2831528e20bf8deb
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
Size/MD5: 213482 5b469307ceb0839a5ca73e170bd4b5a9
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.12_powerpc.deb
Size/MD5: 212514 eec8a75e60edee4eb0784cc44b4c5991
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
Size/MD5: 213232 7dc2c5a6884dc3bb9e12cb15c2d86475
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.12_powerpc.deb
Size/MD5: 213112 71c2be933fe1cae5cf04a834af834b97
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.12_powerpc.deb
Size/MD5: 214548 72904d0d50787c36b097c11f480329ba
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.12_powerpc.deb
Size/MD5: 3297040 15f7b67ca420635504ba90d020cd5990
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3-smp_2.6.8.1-16.12_powerpc.deb
Size/MD5: 16366562 437904d293401104d04e879394be098e
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
Size/MD5: 15942190 1b71783b31ec56e29d09dfa8de844caa
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4-smp_2.6.8.1-16.12_powerpc.deb
Size/MD5: 16353764 8aefa48d5f7461db9ede5fd05da3c57a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
Size/MD5: 15924916 14f880d34cd8f1e232ec52a559f046af
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-16.12_powerpc.deb
Size/MD5: 16289024 1878256aaff9b8bbb003554590d359b3
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc_2.6.8.1-16.12_powerpc.deb
Size/MD5: 15975818 8ba319a47d693a063cfae316aaf965e8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050315/ea9e542a/attachment.bin
Powered by blists - more mailing lists