USN-659-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-659-1

27th October, 2008

linux, linux-source-2.6.15/22 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.04 LTS
  • Ubuntu 7.10
  • Ubuntu 6.06 LTS

Software description

  • linux
  • linux-source-2.6.15
  • linux-source-2.6.22

Details

It was discovered that the direct-IO subsystem did not correctly validate
certain structures. A local attacker could exploit this to cause a system
crash, leading to a denial of service. (CVE-2007-6716)

It was discovered that the disabling of the ZERO_PAGE optimization could
lead to large memory consumption. A local attacker could exploit this to
allocate all available memory, leading to a denial of service.
(CVE-2008-2372)

It was discovered that the Datagram Congestion Control Protocol (DCCP) did
not correctly validate its arguments. If DCCP was in use, a remote attacker
could send specially crafted network traffic and cause a system crash,
leading to a denial of service. (CVE-2008-3276)

It was discovered that the SBNI WAN driver did not correctly check for the
NET_ADMIN capability. A malicious local root user lacking CAP_NET_ADMIN
would be able to change the WAN device configuration, leading to a denial
of service. (CVE-2008-3525)

It was discovered that the Stream Control Transmission Protocol (SCTP) did
not correctly validate the key length in the SCTP_AUTH_KEY option. If SCTP
is in use, a remote attacker could send specially crafted network traffic
that would crash the system, leading to a denial of service.
(CVE-2008-3526)

It was discovered that the tmpfs implementation did not correctly handle
certain sequences of inode operations. A local attacker could exploit this
to crash the system, leading to a denial of service. (CVE-2008-3534)

It was discovered that the readv/writev functions did not correctly handle
certain sequences of file operations. A local attacker could exploit this
to crash the system, leading to a denial of service. (CVE-2008-3535)

It was discovered that SCTP did not correctly validate its userspace
arguments. A local attacker could call certain sctp_* functions with
malicious options and cause a system crash, leading to a denial of service.
(CVE-2008-3792, CVE-2008-4113, CVE-2008-4445)

It was discovered the the i915 video driver did not correctly validate
memory addresses. A local attacker could exploit this to remap memory
that could cause a system crash, leading to a denial of service.
(CVE-2008-3831)

Johann Dahm and David Richter discovered that NFSv4 did not correctly
handle certain file ACLs. If NFSv4 is in use, a local attacker could create
a malicious ACL that could cause a system crash, leading to a denial of
service. (CVE-2008-3915)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.04 LTS:
linux-image-2.6.24-21-powerpc 2.6.24-21.43
linux-image-2.6.24-21-powerpc64-smp 2.6.24-21.43
linux-image-2.6.24-21-sparc64 2.6.24-21.43
linux-image-2.6.24-21-server 2.6.24-21.43
linux-image-2.6.24-21-openvz 2.6.24-21.43
linux-image-2.6.24-21-itanium 2.6.24-21.43
linux-image-2.6.24-21-lpiacompat 2.6.24-21.43
linux-image-2.6.24-21-386 2.6.24-21.43
linux-image-2.6.24-21-generic 2.6.24-21.43
linux-image-2.6.24-21-lpia 2.6.24-21.43
linux-image-2.6.24-21-xen 2.6.24-21.43
linux-image-2.6.24-21-hppa64 2.6.24-21.43
linux-image-2.6.24-21-powerpc-smp 2.6.24-21.43
linux-image-2.6.24-21-mckinley 2.6.24-21.43
linux-image-2.6.24-21-hppa32 2.6.24-21.43
linux-image-2.6.24-21-rt 2.6.24-21.43
linux-image-2.6.24-21-virtual 2.6.24-21.43
linux-image-2.6.24-21-sparc64-smp 2.6.24-21.43
Ubuntu 7.10:
linux-image-2.6.22-15-mckinley 2.6.22-15.59
linux-image-2.6.22-15-generic 2.6.22-15.59
linux-image-2.6.22-15-hppa32 2.6.22-15.59
linux-image-2.6.22-15-xen 2.6.22-15.59
linux-image-2.6.22-15-sparc64-smp 2.6.22-15.59
linux-image-2.6.22-15-powerpc 2.6.22-15.59
linux-image-2.6.22-15-itanium 2.6.22-15.59
linux-image-2.6.22-15-lpiacompat 2.6.22-15.59
linux-image-2.6.22-15-386 2.6.22-15.59
linux-image-2.6.22-15-powerpc-smp 2.6.22-15.59
linux-image-2.6.22-15-lpia 2.6.22-15.59
linux-image-2.6.22-15-sparc64 2.6.22-15.59
linux-image-2.6.22-15-rt 2.6.22-15.59
linux-image-2.6.22-15-virtual 2.6.22-15.59
linux-image-2.6.22-15-server 2.6.22-15.59
linux-image-2.6.22-15-powerpc64-smp 2.6.22-15.59
linux-image-2.6.22-15-hppa64 2.6.22-15.59
linux-image-2.6.22-15-cell 2.6.22-15.59
linux-image-2.6.22-15-ume 2.6.22-15.59
Ubuntu 6.06 LTS:
linux-image-2.6.15-52-386 2.6.15-52.73
linux-image-2.6.15-52-mckinley 2.6.15-52.73
linux-image-2.6.15-52-amd64-server 2.6.15-52.73
linux-image-2.6.15-52-hppa32 2.6.15-52.73
linux-image-2.6.15-52-k7 2.6.15-52.73
linux-image-2.6.15-52-686 2.6.15-52.73
linux-image-2.6.15-52-amd64-k8 2.6.15-52.73
linux-image-2.6.15-52-server-bigiron 2.6.15-52.73
linux-image-2.6.15-52-powerpc64-smp 2.6.15-52.73
linux-image-2.6.15-52-sparc64-smp 2.6.15-52.73
linux-image-2.6.15-52-itanium 2.6.15-52.73
linux-image-2.6.15-52-server 2.6.15-52.73
linux-image-2.6.15-52-hppa32-smp 2.6.15-52.73
linux-image-2.6.15-52-amd64-xeon 2.6.15-52.73
linux-image-2.6.15-52-mckinley-smp 2.6.15-52.73
linux-image-2.6.15-52-hppa64-smp 2.6.15-52.73
linux-image-2.6.15-52-hppa64 2.6.15-52.73
linux-image-2.6.15-52-powerpc 2.6.15-52.73
linux-image-2.6.15-52-powerpc-smp 2.6.15-52.73
linux-image-2.6.15-52-amd64-generic 2.6.15-52.73
linux-image-2.6.15-52-itanium-smp 2.6.15-52.73
linux-image-2.6.15-52-sparc64 2.6.15-52.73

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

ATTENTION: For systems without the hardy-updates pocket enabled, the 8.04
kernel update will include an unavoidable ABI change. The kernel update
has been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-386,
linux-powerpc, linux-amd64-generic), a standard system upgrade will
automatically perform this as well.

References

CVE-2007-6716, CVE-2008-2372, CVE-2008-3276, CVE-2008-3525, CVE-2008-3526, CVE-2008-3534, CVE-2008-3535, CVE-2008-3792, CVE-2008-3831, CVE-2008-3915, CVE-2008-4113, CVE-2008-4445