USN-47-1: Linux kernel vulnerabilities

Description: 
===========================================================
Ubuntu Security Notice USN-47-1           December 23, 2004
linux-source-2.6.8.1 vulnerabilities
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030011.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.5. After a standard system upgrade you need to
reboot the computer for the changes to take effect.

Details follow:

Georgi Guninski discovered two Denial of Service vulnerabilities in
the Linux kernel.

An integer overflow in the vc_resize() function caused the memory
allocation for the new screen to be too short, which led to a buffer
overflow and a kernel crash.

There was also a memory leak in the ip_options_get() function. Calling
ip_cmsg_send() very often would gradually exhaust memory.

Note: The original advisory (see URL above) also mentions an
"ip_options_get integer overflow". This was already fixed in USN-38-1
(known as CAN-2004-1016).
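
The class of bug described for vc_resize(), shown as an added illustration that is not the kernel's code and not part of the original notice: a buffer size computed as a 32-bit product of screen dimensions wraps around, so the allocation is far smaller than the screen it is meant to hold. The function names, the 2-byte cell size and the sample dimensions are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: each screen cell takes 2 bytes. */
#define CELL_BYTES 2u

/* Unchecked: the product is reduced modulo 2^32, so an oversized
 * request silently yields a small allocation size. */
static uint32_t screen_size_unchecked(uint32_t cols, uint32_t rows)
{
    return cols * CELL_BYTES * rows;
}

/* Checked: refuse zero dimensions and any product that would not fit
 * in 32 bits, before anything is allocated. */
static bool screen_size_checked(uint32_t cols, uint32_t rows, uint32_t *out)
{
    uint32_t row_bytes;

    if (cols == 0 || rows == 0)
        return false;
    if (cols > UINT32_MAX / CELL_BYTES)
        return false;
    row_bytes = cols * CELL_BYTES;
    if (rows > UINT32_MAX / row_bytes)
        return false;
    *out = row_bytes * rows;
    return true;
}

int main(void)
{
    /* Constructed inputs: a normal 80x25 console and an oversized request
     * whose true size (4295098368 bytes) does not fit in 32 bits. */
    uint32_t size = 0;

    printf("80x25 unchecked:        %u bytes\n",
           (unsigned)screen_size_unchecked(80, 25));
    printf("32769x65536 unchecked:  %u bytes\n",
           (unsigned)screen_size_unchecked(32769u, 65536u));
    printf("32769x65536 accepted by checked version: %s\n",
           screen_size_checked(32769u, 65536u, &size) ? "yes" : "no");
    return 0;
}
```

Code that later fills the buffer using the requested dimensions rather than the wrapped size writes past the end of the allocation, which matches the buffer overflow and crash the notice describes.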