Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-679-1: Linux kernel vulnerabilities

27 November 2008

Linux kernel vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

Details

It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make a
malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
(CVE-2007-5498)

It was discovered the the i915 video driver did not correctly validate
memory addresses. A local attacker could exploit this to remap memory that
could cause a system crash, leading to a denial of service. This issue did
not affect Ubuntu 6.06 and was previous fixed for Ubuntu 7.10 and 8.04 in
USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)

David Watson discovered that the kernel did not correctly strip permissions
when creating files in setgid directories. A local user could exploit this
to gain additional group privileges. This issue only affected Ubuntu 6.06.
(CVE-2008-4210)

Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did
not correctly reject the "append" flag when handling file splice
requests. A local attacker could bypass append mode and make changes to
arbitrary locations in a file. This issue only affected Ubuntu 7.10 and
8.04. (CVE-2008-4554)

It was discovered that the SCTP stack did not correctly handle INIT-ACK. A
remote user could exploit this by sending specially crafted SCTP traffic
which would trigger a crash in the system, leading to a denial of service.
This issue did not affect Ubuntu 8.10. (CVE-2008-4576)

It was discovered that the SCTP stack did not correctly handle bad packet
lengths. A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial of
service. This issue did not affect Ubuntu 8.10. (CVE-2008-4618)

Eric Sesterhenn discovered multiple flaws in the HFS+ filesystem. If a
local user or automated system were tricked into mounting a malicious HFS+
filesystem, the system could crash, leading to a denial of service.
(CVE-2008-4933, CVE-2008-4934, CVE-2008-5025)

It was discovered that the Unix Socket handler did not correctly process
the SCM_RIGHTS message. A local attacker could make a malicious socket
request that would crash the system, leading to a denial of service.
(CVE-2008-5029)

It was discovered that the driver for simple i2c audio interfaces did not
correctly validate certain function pointers. A local user could exploit
this to gain root privileges or crash the system, leading to a denial of
service. (CVE-2008-5033)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Related notices

  • USN-659-1: linux-image-2.6.15-52-powerpc, linux-image-2.6.15-52-386, linux-image-2.6.15-52-server-bigiron, linux, linux-image-2.6.24-21-generic, linux-image-2.6.15-52-hppa32, linux-image-2.6.15-52-powerpc-smp, linux-image-2.6.24-21-powerpc, linux-image-2.6.24-21-virtual, linux-image-2.6.15-52-powerpc64-smp, linux-image-2.6.15-52-k7, linux-image-2.6.22-15-ume, linux-image-2.6.15-52-itanium-smp, linux-image-2.6.15-52-amd64-k8, linux-image-2.6.24-21-xen, linux-image-2.6.15-52-hppa64, linux-image-2.6.15-52-686, linux-image-2.6.22-15-virtual, linux-image-2.6.22-15-powerpc64-smp, linux-image-2.6.24-21-386, linux-image-2.6.22-15-generic, linux-image-2.6.24-21-rt, linux-image-2.6.15-52-mckinley-smp, linux-image-2.6.15-52-sparc64, linux-image-2.6.22-15-sparc64-smp, linux-image-2.6.24-21-powerpc-smp, linux-image-2.6.22-15-rt, linux-image-2.6.22-15-cell, linux-image-2.6.22-15-386, linux-image-2.6.22-15-xen, linux-image-2.6.22-15-lpiacompat, linux-image-2.6.15-52-server, linux-image-2.6.22-15-hppa32, linux-image-2.6.22-15-itanium, linux-image-2.6.22-15-powerpc-smp, linux-image-2.6.24-21-powerpc64-smp, linux-image-2.6.24-21-sparc64, linux-image-2.6.24-21-hppa32, linux-image-2.6.15-52-amd64-generic, linux-image-2.6.22-15-lpia, linux-image-2.6.15-52-mckinley, linux-image-2.6.22-15-sparc64, linux-image-2.6.24-21-mckinley, linux-image-2.6.15-52-amd64-server, linux-image-2.6.24-21-server, linux-image-2.6.15-52-itanium, linux-image-2.6.22-15-server, linux-source-2.6.15, linux-image-2.6.24-21-openvz, linux-image-2.6.24-21-hppa64, linux-image-2.6.15-52-sparc64-smp, linux-image-2.6.22-15-powerpc, linux-image-2.6.24-21-lpiacompat, linux-image-2.6.24-21-itanium, linux-image-2.6.15-52-amd64-xeon, linux-image-2.6.15-52-hppa64-smp, linux-image-2.6.15-52-hppa32-smp, linux-image-2.6.22-15-hppa64, linux-image-2.6.22-15-mckinley, linux-image-2.6.24-21-lpia, linux-image-2.6.24-21-sparc64-smp, linux-source-2.6.22