About Ubuntu

=========================================================== Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: linux-image-2.6.20-16-386 2.6.20-16.29 linux-image-2.6.20-16-generic 2.6.20-16.29 linux-image-2.6.20-16-hppa32 2.6.20-16.29 linux-image-2.6.20-16-hppa64 2.6.20-16.29 linux-image-2.6.20-16-itanium 2.6.20-16.29 linux-image-2.6.20-16-lowlatency 2.6.20-16.29 linux-image-2.6.20-16-mckinley 2.6.20-16.29 linux-image-2.6.20-16-powerpc 2.6.20-16.29 linux-image-2.6.20-16-powerpc-smp 2.6.20-16.29 linux-image-2.6.20-16-powerpc64-smp 2.6.20-16.29 linux-image-2.6.20-16-server 2.6.20-16.29 linux-image-2.6.20-16-server-bigiron 2.6.20-16.29 linux-image-2.6.20-16-sparc64 2.6.20-16.29 linux-image-2.6.20-16-sparc64-smp 2.6.20-16.29 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For more information see: https://launchpad.net/bugs/117314 https://wiki.ubuntu.com/UsingUUID Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)