Submitted by KeesCook on Sun, 2005-09-25 12:03
Referenced CVEs:
CAN-2005-1767, CAN-2005-3044
Description:
===========================================================
Ubuntu Security Notice USN-187-1 September 25, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1767, CAN-2005-3044
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-image-2.6.10-5-386
linux-image-2.6.10-5-686
linux-image-2.6.10-5-686-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-image-2.6.10-5-itanium
linux-image-2.6.10-5-itanium-smp
linux-image-2.6.10-5-k7
linux-image-2.6.10-5-k7-smp
linux-image-2.6.10-5-mckinley
linux-image-2.6.10-5-mckinley-smp
linux-image-2.6.10-5-power3
linux-image-2.6.10-5-power3-smp
linux-image-2.6.10-5-power4
linux-image-2.6.10-5-power4-smp
linux-image-2.6.10-5-powerpc
linux-image-2.6.10-5-powerpc-smp
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.23 (for Ubuntu 4.10), or 2.6.10-34.6 (for Ubuntu
5.04). After a standard system upgrade you need to restart your
computer to effect the necessary changes.
Details follow:
A Denial of Service vulnerability was detected in the stack segment
fault handler. A local attacker could exploit this by causing stack
fault exceptions under special circumstances (scheduling), which lead
to a kernel crash. (CAN-2005-1767)
Vasiliy Averin discovered a Denial of Service vulnerability in the
"tiocgdev" ioctl call and in the "routing_ioctl" function. By calling
fget() and fput() in special ways, a local attacker could exploit this
to destroy file descriptor structures and crash the kernel.
(CAN-2005-3044)
