About Ubuntu

=========================================================== Ubuntu Security Notice USN-38-1 December 14, 2004 linux-source-2.6.8.1 vulnerabilities CAN-2004-0814, CAN-2004-1016, CAN-2004-1056, CAN-2004-1058, CAN-2004-1068, CAN-2004-1069, CAN-2004-1137, CAN-2004-1151 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: linux-image-2.6.8.1-4-386 linux-image-2.6.8.1-4-686 linux-image-2.6.8.1-4-686-smp linux-image-2.6.8.1-4-amd64-generic linux-image-2.6.8.1-4-amd64-k8 linux-image-2.6.8.1-4-amd64-k8-smp linux-image-2.6.8.1-4-amd64-xeon linux-image-2.6.8.1-4-k7 linux-image-2.6.8.1-4-k7-smp linux-image-2.6.8.1-4-power3 linux-image-2.6.8.1-4-power3-smp linux-image-2.6.8.1-4-power4 linux-image-2.6.8.1-4-power4-smp linux-image-2.6.8.1-4-powerpc linux-image-2.6.8.1-4-powerpc-smp The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.3. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change this kernel got a new version number, which requires to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Details follow: CAN-2004-0814: Vitaly V. Bursov discovered a Denial of Service vulnerability in the "serio" code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third party user installed modules might not work any more with the new kernel, so this fixed kernel got a new ABI version number. You have to recompile and reinstall all third party modules. CAN-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send" function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation. CAN-2004-1056: Thomas Hellström discovered a Denial of Service vulnerability in the Direct Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking, any authorized client could send arbitrary values to the video card, which could cause an X server crash or modification of the video output. CAN-2004-1058: Rob Landley discovered a race condition in the handling of /proc/.../cmdline. Under very rare circumstances an user could read the environment variables of another process that was still spawning. Environment variables are often used to pass passwords and other private information to other processes. CAN-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel. CAN-2004-1069: Ross Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled. This is not the case in the kernel packages shipped in Warty Warthog; however, if you recompiled the kernel using SELinux, you are affected by this flaw. CAN-2004-1137: Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket. CAN-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation. This vulnerability only affects the amd64 architecture.