Submitted by KeesCook on Wed, 2006-12-13 12:07
Referenced CVEs:
CVE-2006-4572, CVE-2006-4813, CVE-2006-4997, CVE-2006-5158, CVE-2006-5173, CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5701, CVE-2006-5751
Description:
===========================================================
Ubuntu Security Notice USN-395-1 December 13, 2006
linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities
CVE-2006-4572, CVE-2006-4813, CVE-2006-4997, CVE-2006-5158,
CVE-2006-5173, CVE-2006-5619, CVE-2006-5648, CVE-2006-5649,
CVE-2006-5701, CVE-2006-5751
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
linux-image-2.6.12-10-386 2.6.12-10.42
linux-image-2.6.12-10-686 2.6.12-10.42
linux-image-2.6.12-10-686-smp 2.6.12-10.42
linux-image-2.6.12-10-amd64-generic 2.6.12-10.42
linux-image-2.6.12-10-amd64-k8 2.6.12-10.42
linux-image-2.6.12-10-amd64-k8-smp 2.6.12-10.42
linux-image-2.6.12-10-amd64-xeon 2.6.12-10.42
linux-image-2.6.12-10-k7 2.6.12-10.42
linux-image-2.6.12-10-k7-smp 2.6.12-10.42
linux-image-2.6.12-10-powerpc 2.6.12-10.42
linux-image-2.6.12-10-powerpc-smp 2.6.12-10.42
linux-image-2.6.12-10-powerpc64-smp 2.6.12-10.42
linux-image-2.6.12-10-sparc64 2.6.12-10.42
linux-image-2.6.12-10-sparc64-smp 2.6.12-10.42
linux-patch-ubuntu-2.6.12 2.6.12-10.42
Ubuntu 6.06 LTS:
linux-image-2.6.15-27-386 2.6.15-27.50
linux-image-2.6.15-27-686 2.6.15-27.50
linux-image-2.6.15-27-amd64-generic 2.6.15-27.50
linux-image-2.6.15-27-amd64-k8 2.6.15-27.50
linux-image-2.6.15-27-amd64-server 2.6.15-27.50
linux-image-2.6.15-27-amd64-xeon 2.6.15-27.50
linux-image-2.6.15-27-k7 2.6.15-27.50
linux-image-2.6.15-27-powerpc 2.6.15-27.50
linux-image-2.6.15-27-powerpc-smp 2.6.15-27.50
linux-image-2.6.15-27-powerpc64-smp 2.6.15-27.50
linux-image-2.6.15-27-server 2.6.15-27.50
linux-image-2.6.15-27-server-bigiron 2.6.15-27.50
linux-image-2.6.15-27-sparc64 2.6.15-27.50
linux-image-2.6.15-27-sparc64-smp 2.6.15-27.50
linux-source-2.6.15 2.6.15-27.50
Ubuntu 6.10:
linux-image-2.6.17-10-386 2.6.17.1-10.34
linux-image-2.6.17-10-generic 2.6.17.1-10.34
linux-image-2.6.17-10-powerpc 2.6.17.1-10.34
linux-image-2.6.17-10-powerpc-smp 2.6.17.1-10.34
linux-image-2.6.17-10-powerpc64-smp 2.6.17.1-10.34
linux-image-2.6.17-10-server 2.6.17.1-10.34
linux-image-2.6.17-10-server-bigiron 2.6.17.1-10.34
linux-image-2.6.17-10-sparc64 2.6.17.1-10.34
linux-image-2.6.17-10-sparc64-smp 2.6.17.1-10.34
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Mark Dowd discovered that the netfilter iptables module did not
correctly handle fragmented IPv6 packets. By sending specially crafted
packets, a remote attacker could exploit this to bypass firewall
rules. This has only been fixed for Ubuntu 6.10; the corresponding fix
for Ubuntu 5.10 and 6.06 will follow soon. (CVE-2006-4572)
Dmitriy Monakhov discovered an information leak in the
__block_prepare_write() function. During error recovery, this function
did not properly clear memory buffers which could allow local users to
read portions of unlinked files. This only affects Ubuntu 5.10.
(CVE-2006-4813)
ADLab Venustech Info Ltd discovered that the ATM network driver
referenced an already released pointer in some circumstances. By
sending specially crafted packets to a host over ATM, a remote
attacker could exploit this to crash that host. This does not affect
Ubuntu 6.10. (CVE-2006-4997)
Matthias Andree discovered that the NFS locking management daemon
(lockd) did not correctly handle mixing of 'lock' and 'nolock' option
mounts on the same client. A remote attacker could exploit this to
crash lockd, rendering the NFS imports inaccessible. This only
affects Ubuntu 5.10. (CVE-2006-5158)
The task switching code did not save and restore EFLAGS of processes.
By starting a specially crafted executable, a local attacker could
exploit this to eventually crash many other running processes. This
does not affect Ubuntu 6.10. (CVE-2006-5173)
James Morris discovered that the ip6fl_get_n() function incorrectly
handled flow labels. A local attacker could exploit this to crash the
kernel. (CVE-2006-5619)
Fabio Massimo Di Nitto discovered that the sys_get_robust_list and
sys_set_robust_list system calls lacked proper lock handling on the
powerpc and sparc platforms. A local attacker could exploit this to
create unkillable processes, drain all available CPU/memory, and
render the machine unrebootable. This only affects Ubuntu 6.10.
(CVE-2006-5648)
Fabio Massimo Di Nitto discovered a flaw in the alignment check
exception handling on the powerpc and sparc platforms. A local
attacker could exploit this to cause a kernel panic and crash
the machine. (CVE-2006-5649)
Certain corrupted squashfs file system images caused a memory
allocation to be freed twice. By mounting a specially crafted squashfs
file system, a local attacker could exploit this to crash the kernel.
This does not affect Ubuntu 5.10. (CVE-2006-5701)
An integer overflow was found in the get_fdb_entries() function of the
network bridging code. By executing a specially crafted ioctl, a local
attacker could exploit this to execute arbitrary code with root
privileges. (CVE-2006-5751)
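The get_fdb_entries() issue above belongs to a common class: a user-supplied element count is multiplied by a fixed element size to obtain an allocation length, and the product wraps before it is bounds-checked, so the buffer ends up far smaller than the number of entries the code then copies into it. The following is an added illustration of that pattern, not code from the advisory or from the Linux bridge module: the record layout, PAGE_SZ, the plan_* functions and crafted_maxnum() are assumptions for the example, and the numbers are chosen only to make the wraparound visible.

```c
/* Added illustration of the integer-overflow class described for
 * CVE-2006-5751: a caller-controlled element count is multiplied by a
 * fixed element size to get an allocation length, and the product wraps
 * before it is clamped. This is not the kernel's code; fdb_entry_t,
 * PAGE_SZ and the plan_* functions are assumed names for the example. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 4096UL   /* stand-in for PAGE_SIZE */

/* Stand-in record for one forwarding-database entry copied to user space. */
struct fdb_entry_t {
    uint8_t  mac[6];
    uint16_t port;
    uint32_t flags;
};
#define ENTRY_SIZE sizeof(struct fdb_entry_t)

/* What an ioctl handler would allocate (size) and then copy (count). */
struct copy_plan {
    size_t        size;
    unsigned long count;
};

/* Vulnerable pattern: multiply first, clamp the product afterwards.
 * When maxnum * ENTRY_SIZE wraps around, size ends up tiny while count
 * stays huge, so the copy loop overruns the buffer. */
struct copy_plan plan_vulnerable(unsigned long maxnum)
{
    struct copy_plan p;
    unsigned long size = maxnum * ENTRY_SIZE;   /* unsigned: may wrap */
    if (size > PAGE_SZ) {                       /* never true after a wrap */
        size = PAGE_SZ;
        maxnum = PAGE_SZ / ENTRY_SIZE;
    }
    p.size = size;
    p.count = maxnum;
    return p;
}

/* Hardened pattern: clamp the count before multiplying, so the product is
 * bounded by PAGE_SZ and cannot wrap. */
struct copy_plan plan_fixed(unsigned long maxnum)
{
    struct copy_plan p;
    const unsigned long max_entries = PAGE_SZ / ENTRY_SIZE;
    if (maxnum > max_entries)
        maxnum = max_entries;
    p.count = maxnum;
    p.size = maxnum * ENTRY_SIZE;
    return p;
}

/* 1 if the plan would copy more entries than fit in the buffer it sized. */
int plan_overruns(struct copy_plan p)
{
    return p.count > p.size / ENTRY_SIZE;
}

/* A count chosen so that count * ENTRY_SIZE wraps to exactly ENTRY_SIZE:
 * ULONG_MAX / 4 + 2 equals 2^(bits-2) + 1, and ENTRY_SIZE is a multiple
 * of 4, so the product is ENTRY_SIZE * 2^(bits-2) + ENTRY_SIZE, whose
 * first term vanishes modulo 2^bits. */
unsigned long crafted_maxnum(void)
{
    return ULONG_MAX / 4 + 2;
}

int main(void)
{
    unsigned long inputs[4] = { 10UL, 100000UL, 0UL, 0UL };
    inputs[3] = crafted_maxnum();   /* the crafted ioctl argument */
    for (size_t i = 0; i < 4; i++) {
        struct copy_plan v = plan_vulnerable(inputs[i]);
        struct copy_plan f = plan_fixed(inputs[i]);
        printf("maxnum=%lu  vulnerable: size=%zu count=%lu overrun=%d"
               "  fixed: size=%zu count=%lu overrun=%d\n",
               inputs[i], v.size, v.count, plan_overruns(v),
               f.size, f.count, plan_overruns(f));
    }
    return 0;
}
```

Ordinary counts (10, 100000) behave identically under both versions, which is why this kind of bug survives functional testing; only the wrapped count separates them. The general rule the fixed version applies is to bound the count against the maximum that fits, and never to reason about a size that was computed from unchecked user input.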