USN-319-2: Linux kernel vulnerability

Ubuntu Security Notice USN-319-2

19th July, 2006

linux-source-2.6.10, linux-source-2.6.12 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 5.10
Ubuntu 5.04

Details

USN-319-1 fixed a Linux kernel vulnerability in Ubuntu 6.06 LTS. This
followup advisory provides the corresponding updates for Ubuntu 5.04
and 5.10.

For reference, these are the details of the original USN:

A race condition has been discovered in the file permission handling
of the /proc file system. A local attacker could exploit this to
execute arbitrary code with full root privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 5.10:: linux-image-2.6.12-10-powerpc-smp 2.6.12-10.36; linux-patch-ubuntu-2.6.12 2.6.12-10.36; linux-image-2.6.12-10-hppa32 2.6.12-10.36; linux-image-2.6.12-10-itanium-smp 2.6.12-10.36; linux-image-2.6.12-10-sparc64 2.6.12-10.36; linux-image-2.6.12-10-powerpc64-smp 2.6.12-10.36; linux-image-2.6.12-10-hppa64-smp 2.6.12-10.36; linux-image-2.6.12-10-amd64-generic 2.6.12-10.36; linux-image-2.6.12-10-iseries-smp 2.6.12-10.36; linux-image-2.6.12-10-k7-smp 2.6.12-10.36; linux-image-2.6.12-10-amd64-xeon 2.6.12-10.36; linux-image-2.6.12-10-itanium 2.6.12-10.36; linux-image-2.6.12-10-hppa32-smp 2.6.12-10.36; linux-image-2.6.12-10-powerpc 2.6.12-10.36; linux-image-2.6.12-10-mckinley 2.6.12-10.36; linux-image-2.6.12-10-sparc64-smp 2.6.12-10.36; linux-image-2.6.12-10-hppa64 2.6.12-10.36; linux-image-2.6.12-10-amd64-k8-smp 2.6.12-10.36; linux-image-2.6.12-10-686 2.6.12-10.36; linux-image-2.6.12-10-686-smp 2.6.12-10.36; linux-image-2.6.12-10-k7 2.6.12-10.36; linux-image-2.6.12-10-mckinley-smp 2.6.12-10.36; linux-image-2.6.12-10-amd64-k8 2.6.12-10.36; linux-image-2.6.12-10-386 2.6.12-10.36
Ubuntu 5.04:: linux-patch-ubuntu-2.6.10 2.6.10-34.22; linux-image-2.6.10-6-amd64-k8-smp 2.6.10-34.22; linux-image-2.6.10-6-686 2.6.10-34.22; linux-image-2.6.10-6-powerpc 2.6.10-34.22; linux-image-2.6.10-6-itanium 2.6.10-34.22; linux-image-2.6.10-6-power4-smp 2.6.10-34.22; linux-image-2.6.10-6-sparc64-smp 2.6.10-34.22; linux-image-2.6.10-6-hppa64-smp 2.6.10-34.22; linux-image-2.6.10-6-hppa32-smp 2.6.10-34.22; linux-image-2.6.10-6-386 2.6.10-34.22; linux-image-2.6.10-6-hppa32 2.6.10-34.22; linux-image-2.6.10-6-sparc64 2.6.10-34.22; linux-image-2.6.10-6-hppa64 2.6.10-34.22; linux-image-2.6.10-6-amd64-xeon 2.6.10-34.22; linux-image-2.6.10-6-itanium-smp 2.6.10-34.22; linux-image-2.6.10-6-powerpc-smp 2.6.10-34.22; linux-image-2.6.10-6-k7-smp 2.6.10-34.22; linux-image-2.6.10-6-power3 2.6.10-34.22; linux-image-2.6.10-6-k7 2.6.10-34.22; linux-image-2.6.10-6-power4 2.6.10-34.22; linux-image-2.6.10-6-mckinley 2.6.10-34.22; linux-image-2.6.10-6-686-smp 2.6.10-34.22; linux-image-2.6.10-6-power3-smp 2.6.10-34.22; linux-image-2.6.10-6-amd64-generic 2.6.10-34.22; linux-image-2.6.10-6-amd64-k8 2.6.10-34.22; linux-image-2.6.10-6-mckinley-smp 2.6.10-34.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

CVE-2006-3626