Ubuntu Security Notice USN-662-2
6th November, 2008
linux-ubuntu-modules-2.6.22/24 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
- Ubuntu 7.10
Software description
- linux-ubuntu-modules-2.6.22
- linux-ubuntu-modules-2.6.24
Details
USN-662-1 fixed vulnerabilities in ndiswrapper in Ubuntu 8.10.
This update provides the corresponding updates for Ubuntu 8.04 and 7.10.
Original advisory details:
Anders Kaseorg discovered that ndiswrapper did not correctly handle long
ESSIDs. For a system using ndiswrapper, a physically near-by attacker
could generate specially crafted wireless network traffic and execute
arbitrary code with root privileges. (CVE-2008-4395)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.04 LTS:
- linux-ubuntu-modules-2.6.24-21-server 2.6.24-21.33
- linux-ubuntu-modules-2.6.24-21-generic 2.6.24-21.33
- linux-ubuntu-modules-2.6.24-21-386 2.6.24-21.33
- linux-ubuntu-modules-2.6.24-21-rt 2.6.24-21.33
- Ubuntu 7.10:
- linux-ubuntu-modules-2.6.22-15-generic 2.6.22-15.40
- linux-ubuntu-modules-2.6.22-15-rt 2.6.22-15.40
- linux-ubuntu-modules-2.6.22-15-386 2.6.22-15.40
- linux-ubuntu-modules-2.6.22-15-server 2.6.22-15.40
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.