News

=========================================================== Ubuntu Security Notice USN-143-1 June 27, 2005 linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities CAN-2005-1762, CAN-2005-1765 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-image-2.6.10-5-amd64-generic linux-image-2.6.10-5-amd64-k8 linux-image-2.6.10-5-amd64-k8-smp linux-image-2.6.10-5-amd64-xeon linux-patch-debian-2.6.8.1 linux-patch-ubuntu-2.6.10 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.20 (for Ubuntu 4.10) and 2.6.10-34.3 (for Ubuntu 5.04). You need to reboot your computer after doing a standard system upgrade to effect the necessary changes. Details follow: A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted ("non-canonical") addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762) ZouNanHai discovered that a local user could hang the kernel by invoking syscall() with specially crafted arguments. This only affects the amd64 platform when running in the 32 bit compatibility mode. (CAN-2005-1765)