Ubuntu Security Notice USN-869-1
9th December, 2009
linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.10
Software description
- linux
Details
David Ford discovered that the IPv4 defragmentation routine did not
correctly handle oversized packets. A remote attacker could send
specially crafted traffic that would cause a system to crash, leading
to a denial of service. (The fix was included in the earlier kernels
from USN-864-1.) (CVE-2009-1298)
Akira Fujita discovered that the Ext4 "move extents" ioctl did not
correctly check permissions. A local attacker could exploit this to
overwrite arbitrary files on the system, leading to root privilege
escalation. (CVE-2009-4131)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.10:
- linux-image-2.6.31-16-powerpc-smp 2.6.31-16.53
- linux-image-2.6.31-16-server 2.6.31-16.53
- linux-image-2.6.31-16-powerpc64-smp 2.6.31-16.53
- linux-image-2.6.31-16-lpia 2.6.31-16.53
- linux-image-2.6.31-16-386 2.6.31-16.53
- linux-image-2.6.31-16-generic-pae 2.6.31-16.53
- linux-image-2.6.31-16-sparc64-smp 2.6.31-16.53
- linux-image-2.6.31-16-virtual 2.6.31-16.53
- linux-image-2.6.31-16-sparc64 2.6.31-16.53
- linux-image-2.6.31-16-ia64 2.6.31-16.53
- linux-image-2.6.31-16-generic 2.6.31-16.53
- linux-image-2.6.31-16-powerpc 2.6.31-16.53
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.