Ubuntu Security Notice USN-470-1
8th June, 2007
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
USN-464-1 fixed several vulnerabilities in the Linux kernel. Some
additional code changes were accidentally included in the Feisty update
which caused trouble for some people who were not using UUID-based
filesystem mounts. These changes have been reverted. We apologize for
the inconvenience. For more information see:
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453)
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- linux-image-2.6.20-16-386 2.6.20-16.29
- linux-image-2.6.20-16-powerpc 2.6.20-16.29
- linux-image-2.6.20-16-server 2.6.20-16.29
- linux-image-2.6.20-16-mckinley 2.6.20-16.29
- linux-image-2.6.20-16-sparc64-smp 2.6.20-16.29
- linux-image-2.6.20-16-powerpc64-smp 2.6.20-16.29
- linux-image-2.6.20-16-hppa32 2.6.20-16.29
- linux-image-2.6.20-16-itanium 2.6.20-16.29
- linux-image-2.6.20-16-server-bigiron 2.6.20-16.29
- linux-image-2.6.20-16-generic 2.6.20-16.29
- linux-image-2.6.20-16-sparc64 2.6.20-16.29
- linux-image-2.6.20-16-hppa64 2.6.20-16.29
- linux-image-2.6.20-16-lowlatency 2.6.20-16.29
- linux-image-2.6.20-16-powerpc-smp 2.6.20-16.29
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.