News

=========================================================== Ubuntu Security Notice USN-244-1 January 18, 2006 linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities CVE-2005-3356, CVE-2005-4605, CVE-2005-4618, CVE-2005-4639, CVE-2006-0095, CVE-2006-0096 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: linux-image-2.6.10-6-386 linux-image-2.6.10-6-686 linux-image-2.6.10-6-686-smp linux-image-2.6.10-6-amd64-generic linux-image-2.6.10-6-amd64-k8 linux-image-2.6.10-6-amd64-k8-smp linux-image-2.6.10-6-amd64-xeon linux-image-2.6.10-6-itanium linux-image-2.6.10-6-itanium-smp linux-image-2.6.10-6-k7 linux-image-2.6.10-6-k7-smp linux-image-2.6.10-6-mckinley linux-image-2.6.10-6-mckinley-smp linux-image-2.6.10-6-power3 linux-image-2.6.10-6-power3-smp linux-image-2.6.10-6-power4 linux-image-2.6.10-6-power4-smp linux-image-2.6.10-6-powerpc linux-image-2.6.10-6-powerpc-smp linux-image-2.6.12-10-386 linux-image-2.6.12-10-686 linux-image-2.6.12-10-686-smp linux-image-2.6.12-10-amd64-generic linux-image-2.6.12-10-amd64-k8 linux-image-2.6.12-10-amd64-k8-smp linux-image-2.6.12-10-amd64-xeon linux-image-2.6.12-10-iseries-smp linux-image-2.6.12-10-itanium linux-image-2.6.12-10-itanium-smp linux-image-2.6.12-10-k7 linux-image-2.6.12-10-k7-smp linux-image-2.6.12-10-mckinley linux-image-2.6.12-10-mckinley-smp linux-image-2.6.12-10-powerpc linux-image-2.6.12-10-powerpc-smp linux-image-2.6.12-10-powerpc64-smp linux-image-2.6.8.1-6-386 linux-image-2.6.8.1-6-686 linux-image-2.6.8.1-6-686-smp linux-image-2.6.8.1-6-amd64-generic linux-image-2.6.8.1-6-amd64-k8 linux-image-2.6.8.1-6-amd64-k8-smp linux-image-2.6.8.1-6-amd64-xeon linux-image-2.6.8.1-6-k7 linux-image-2.6.8.1-6-k7-smp linux-image-2.6.8.1-6-power3 linux-image-2.6.8.1-6-power3-smp linux-image-2.6.8.1-6-power4 linux-image-2.6.8.1-6-power4-smp linux-image-2.6.8.1-6-powerpc linux-image-2.6.8.1-6-powerpc-smp linux-patch-debian-2.6.8.1 linux-patch-ubuntu-2.6.10 linux-patch-ubuntu-2.6.12 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.27 (for Ubuntu 4.10), 2.6.10-34.11 (for Ubuntu 5.04), or 2.6.12-10.26 (for Ubuntu 5.10). After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Doug Chapman discovered a flaw in the reference counting in the sys_mq_open() function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash. (CVE-2005-3356) Karl Janmar discovered that the /proc file system module used signed data types in a wrong way. A local attacker could exploit this to read random kernel memory, which could possibly contain sensitive data like passwords or private keys. (CVE-2005-4605) Yi Yang discovered an off-by-one buffer overflow in the sysctl() system call. By calling sysctl with a specially crafted long string, a local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with full kernel privileges. (CVE-2005-4618) Perceval Anichini found a buffer overflow in the TwinHan DST Frontend/Card DVB driver. A local user could exploit this to crash the kernel or possibly execute arbitrary code with full kernel privileges. This only affects Ubuntu 5.10. (CVE-2005-4639) Stefan Rompf discovered that the dm-crypt module did not clear memory structures before releasing the memory allocation of it. This could lead to the disclosure of encryption keys. (CVE-2006-0095) The SDLA WAN driver did not restrict firmware upgrades to processes that have the CAP_SYS_RAWIO kernel capability, it just required the CAP_NET_ADMIN privilege. This could allow processes with the latter privilege to update the SDLA firmware. Please note that this does not affect a standard Ubuntu installation, and this cannot be exploited by a normal (unprivileged) user. At most, this flaw might be relevant for installations that use a fine-grained capability granting system like RSBAC, cap_over, or grsecurity. This only affects Ubuntu 4.10. (CVE-2006-0096)