USN-966-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-966-1

4th August, 2010

linux, linux-{source-2.6.15,ec2,mvl-dove,ti-omap} vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Multiple security flaws.

Software description

  • linux - Linux kernel
  • linux-ec2 - Linux kernel for EC2
  • linux-mvl-dove - Linux kernel for MVL Dove
  • linux-source-2.6.15 - Linux kernel
  • linux-ti-omap - Linux kernel for TI Omap

Details

Junjiro R. Okajima discovered that knfsd did not correctly handle
strict overcommit. A local attacker could exploit this to crash knfsd,
leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS were
affected.) (CVE-2008-7256, CVE-2010-1643)

Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did
not correctly handle invalid parameters. A remote attacker could send
specially crafted traffic that could crash the system, leading to a
denial of service. (CVE-2010-1173)

Mario Mikocevic discovered that GFS2 did not correctly handle certain
quota structures. A local attacker could exploit this to crash the
system, leading to a denial of service. (Ubuntu 6.06 LTS was not
affected.) (CVE-2010-1436)

Toshiyuki Okajima discovered that the kernel keyring did not correctly
handle dead keyrings. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-1437)

Brad Spengler discovered that Sparc did not correctly implement
non-executable stacks. This made userspace applications vulnerable to
exploits that would have been otherwise blocked due to non-executable
memory protections. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1451)

Dan Rosenberg discovered that the btrfs clone function did not correctly
validate permissions. A local attacker could exploit this to read
sensitive information, leading to a loss of privacy. (Only Ubuntu 9.10
was affected.) (CVE-2010-1636)

Dan Rosenberg discovered that GFS2 set_flags function did not correctly
validate permissions. A local attacker could exploit this to gain
access to files, leading to a loss of privacy and potential privilege
escalation. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1641)

Shi Weihua discovered that btrfs xattr_set_acl function did not
correctly validate permissions. A local attacker could exploit
this to gain access to files, leading to a loss of privacy and
potential privilege escalation. (Only Ubuntu 9.10 and 10.04 LTS were
affected.) (CVE-2010-2071)

Andre Osterhues discovered that eCryptfs did not correctly calculate
hash values. A local attacker with certain uids could exploit this to
crash the system or potentially gain root privileges. (Ubuntu 6.06 LTS
was not affected.) (CVE-2010-2492)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:
linux-image-2.6.33-502-omap 2.6.33-502.9
linux-image-2.6.32-308-ec2 2.6.32-308.14
linux-image-2.6.32-207-dove 2.6.32-207.21
linux-image-2.6.32-24-386 2.6.32-24.39
linux-image-2.6.32-24-powerpc 2.6.32-24.39
linux-image-2.6.32-24-powerpc64-smp 2.6.32-24.39
linux-image-2.6.32-24-generic-pae 2.6.32-24.39
linux-image-2.6.32-24-versatile 2.6.32-24.39
linux-image-2.6.32-24-generic 2.6.32-24.39
linux-image-2.6.32-24-virtual 2.6.32-24.39
linux-image-2.6.32-24-server 2.6.32-24.39
linux-image-2.6.32-24-ia64 2.6.32-24.39
linux-image-2.6.32-24-sparc64-smp 2.6.32-24.39
linux-image-2.6.32-24-preempt 2.6.32-24.39
linux-image-2.6.32-24-powerpc-smp 2.6.32-24.39
linux-image-2.6.32-24-sparc64 2.6.32-24.39
linux-image-2.6.32-24-lpia 2.6.32-24.39
Ubuntu 9.10:
linux-image-2.6.31-22-server 2.6.31-22.61
linux-image-2.6.31-22-ia64 2.6.31-22.61
linux-image-2.6.31-307-ec2 2.6.31-307.16
linux-image-2.6.31-22-generic-pae 2.6.31-22.61
linux-image-2.6.31-22-386 2.6.31-22.61
linux-image-2.6.31-22-powerpc 2.6.31-22.61
linux-image-2.6.31-22-sparc64 2.6.31-22.61
linux-image-2.6.31-22-sparc64-smp 2.6.31-22.61
linux-image-2.6.31-22-powerpc-smp 2.6.31-22.61
linux-image-2.6.31-22-virtual 2.6.31-22.61
linux-image-2.6.31-214-dove 2.6.31-214.29
linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.61
linux-image-2.6.31-22-generic 2.6.31-22.61
linux-image-2.6.31-22-lpia 2.6.31-22.61
linux-image-2.6.31-214-dove-z0 2.6.31-214.29
Ubuntu 9.04:
linux-image-2.6.28-19-lpia 2.6.28-19.62
linux-image-2.6.28-19-versatile 2.6.28-19.62
linux-image-2.6.28-19-imx51 2.6.28-19.62
linux-image-2.6.28-19-generic 2.6.28-19.62
linux-image-2.6.28-19-server 2.6.28-19.62
linux-image-2.6.28-19-ixp4xx 2.6.28-19.62
linux-image-2.6.28-19-virtual 2.6.28-19.62
linux-image-2.6.28-19-iop32x 2.6.28-19.62
Ubuntu 8.04 LTS:
linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.73
linux-image-2.6.24-28-hppa32 2.6.24-28.73
linux-image-2.6.24-28-generic 2.6.24-28.73
linux-image-2.6.24-28-powerpc 2.6.24-28.73
linux-image-2.6.24-28-sparc64-smp 2.6.24-28.73
linux-image-2.6.24-28-itanium 2.6.24-28.73
linux-image-2.6.24-28-openvz 2.6.24-28.73
linux-image-2.6.24-28-virtual 2.6.24-28.73
linux-image-2.6.24-28-rt 2.6.24-28.73
linux-image-2.6.24-28-lpia 2.6.24-28.73
linux-image-2.6.24-28-hppa64 2.6.24-28.73
linux-image-2.6.24-28-mckinley 2.6.24-28.73
linux-image-2.6.24-28-server 2.6.24-28.73
linux-image-2.6.24-28-powerpc-smp 2.6.24-28.73
linux-image-2.6.24-28-386 2.6.24-28.73
linux-image-2.6.24-28-lpiacompat 2.6.24-28.73
linux-image-2.6.24-28-sparc64 2.6.24-28.73
linux-image-2.6.24-28-xen 2.6.24-28.73
Ubuntu 6.06 LTS:
linux-image-2.6.15-55-hppa64 2.6.15-55.86
linux-image-2.6.15-55-mckinley 2.6.15-55.86
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.86
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.86
linux-image-2.6.15-55-686 2.6.15-55.86
linux-image-2.6.15-55-amd64-k8 2.6.15-55.86
linux-image-2.6.15-55-amd64-server 2.6.15-55.86
linux-image-2.6.15-55-386 2.6.15-55.86
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.86
linux-image-2.6.15-55-k7 2.6.15-55.86
linux-image-2.6.15-55-sparc64 2.6.15-55.86
linux-image-2.6.15-55-server 2.6.15-55.86
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.86
linux-image-2.6.15-55-hppa32 2.6.15-55.86
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.86
linux-image-2.6.15-55-server-bigiron 2.6.15-55.86
linux-image-2.6.15-55-itanium-smp 2.6.15-55.86
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.86
linux-image-2.6.15-55-powerpc 2.6.15-55.86
linux-image-2.6.15-55-amd64-generic 2.6.15-55.86
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.86
linux-image-2.6.15-55-itanium 2.6.15-55.86

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2008-7256, CVE-2010-1173, CVE-2010-1436, CVE-2010-1437, CVE-2010-1451, CVE-2010-1636, CVE-2010-1641, CVE-2010-1643, CVE-2010-2071, CVE-2010-2492