Referenced CVEs:
CVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1338, CVE-2009-1360, CVE-2009-1385, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1914, CVE-2009-1961
Description:
===========================================================Ubuntu Security Notice USN-793-1 July 02, 2009linux, linux-source-2.6.15 vulnerabilitiesCVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242,CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1338,CVE-2009-1360, CVE-2009-1385, CVE-2009-1439, CVE-2009-1630,CVE-2009-1633, CVE-2009-1914, CVE-2009-1961===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: linux-image-2.6.15-54-386 2.6.15-54.77 linux-image-2.6.15-54-686 2.6.15-54.77 linux-image-2.6.15-54-amd64-generic 2.6.15-54.77 linux-image-2.6.15-54-amd64-k8 2.6.15-54.77 linux-image-2.6.15-54-amd64-server 2.6.15-54.77 linux-image-2.6.15-54-amd64-xeon 2.6.15-54.77 linux-image-2.6.15-54-hppa32 2.6.15-54.77 linux-image-2.6.15-54-hppa32-smp 2.6.15-54.77 linux-image-2.6.15-54-hppa64 2.6.15-54.77 linux-image-2.6.15-54-hppa64-smp 2.6.15-54.77 linux-image-2.6.15-54-itanium 2.6.15-54.77 linux-image-2.6.15-54-itanium-smp 2.6.15-54.77 linux-image-2.6.15-54-k7 2.6.15-54.77 linux-image-2.6.15-54-mckinley 2.6.15-54.77 linux-image-2.6.15-54-mckinley-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc 2.6.15-54.77 linux-image-2.6.15-54-powerpc-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc64-smp 2.6.15-54.77 linux-image-2.6.15-54-server 2.6.15-54.77 linux-image-2.6.15-54-server-bigiron 2.6.15-54.77 linux-image-2.6.15-54-sparc64 2.6.15-54.77 linux-image-2.6.15-54-sparc64-smp 2.6.15-54.77Ubuntu 8.04 LTS: linux-image-2.6.24-24-386 2.6.24-24.55 linux-image-2.6.24-24-generic 2.6.24-24.55 linux-image-2.6.24-24-hppa32 2.6.24-24.55 linux-image-2.6.24-24-hppa64 2.6.24-24.55 linux-image-2.6.24-24-itanium 2.6.24-24.55 linux-image-2.6.24-24-lpia 2.6.24-24.55 linux-image-2.6.24-24-lpiacompat 2.6.24-24.55 linux-image-2.6.24-24-mckinley 2.6.24-24.55 linux-image-2.6.24-24-openvz 2.6.24-24.55 linux-image-2.6.24-24-powerpc 2.6.24-24.55 linux-image-2.6.24-24-powerpc-smp 2.6.24-24.55 linux-image-2.6.24-24-powerpc64-smp 2.6.24-24.55 linux-image-2.6.24-24-rt 2.6.24-24.55 linux-image-2.6.24-24-server 2.6.24-24.55 linux-image-2.6.24-24-sparc64 2.6.24-24.55 linux-image-2.6.24-24-sparc64-smp 2.6.24-24.55 linux-image-2.6.24-24-virtual 2.6.24-24.55 linux-image-2.6.24-24-xen 2.6.24-24.55Ubuntu 8.10: linux-image-2.6.27-14-generic 2.6.27-14.35 linux-image-2.6.27-14-server 2.6.27-14.35 linux-image-2.6.27-14-virtual 2.6.27-14.35Ubuntu 9.04: linux-image-2.6.28-13-generic 2.6.28-13.45 linux-image-2.6.28-13-imx51 2.6.28-13.45 linux-image-2.6.28-13-iop32x 2.6.28-13.45 linux-image-2.6.28-13-ixp4xx 2.6.28-13.45 linux-image-2.6.28-13-lpia 2.6.28-13.45 linux-image-2.6.28-13-server 2.6.28-13.45 linux-image-2.6.28-13-versatile 2.6.28-13.45 linux-image-2.6.28-13-virtual 2.6.28-13.45After a standard system upgrade you need to reboot your computer toeffect the necessary changes.ATTENTION: Due to an unavoidable ABI change for Ubuntu 8.04, 8.10 and 9.04the kernel updates have been given a new version number, which requiresyou to recompile and reinstall all third party kernel modules youmight have installed. If you use linux-restricted-modules, you have toupdate that package as well to get modules which work with the new kernelversion. Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-server, linux-powerpc), a standard systemupgrade will automatically perform this as well.Details follow:Igor Zhbanov discovered that
NFS clients were able to create device nodeseven when root_squash was enabled. An authenticated remote attackercould create device nodes with open permissions, leading to a loss ofprivacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 wereaffected. (CVE-2009-1072)Dan Carpenter discovered that SELinux did not correctly handlecertain network checks when running with compat_net=1. A localattacker could exploit this to bypass network checks. Default Ubuntuinstallations do not enable SELinux, and only Ubuntu 8.10 and 9.04 wereaffected. (CVE-2009-1184)Shaohua Li discovered that memory was not correctly initialized in theAGP subsystem. A local attacker could potentially read kernel memory,leading to a loss of privacy. (CVE-2009-1192)Benjamin Gilbert discovered that the VMX implementation of KVM didnot correctly handle certain registers. An attacker in a guest VMcould exploit this to cause a host system crash, leading to a denialof service. This only affected 32bit hosts. Ubuntu 6.06 was notaffected. (CVE-2009-1242)Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocoldid not correctly validate certain fields. A remote attacker could exploitthis to read kernel memory, leading to a loss of privacy. (CVE-2009-1265)Trond Myklebust discovered that
NFS did not correctly handle certainlong filenames. An authenticated remote attacker could exploit this tocause a system crash, leading to a denial of service. Only Ubuntu 6.06was affected. (CVE-2009-1336)Oleg Nesterov discovered that the kernel did not correctly handleCAP_KILL. A local user could exploit this to send signals to arbitraryprocesses, leading to a denial of service. (CVE-2009-1337)Daniel Hokka Zakrisson discovered that signal handling was not correctlylimited to process namespaces. A local user could bypass namespacerestrictions, possibly leading to a denial of service. Only Ubuntu 8.04was affected. (CVE-2009-1338)Pavel Emelyanov discovered that network namespace support for IPv6 wasnot correctly handled. A remote attacker could send specially craftedIPv6 traffic that would cause a system crash, leading to a denial ofservice. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360)Neil Horman discovered that the e1000 network driver did not correctlyvalidate certain fields. A remote attacker could send a speciallycrafted packet that would cause a system crash, leading to a denial ofservice. (CVE-2009-1385)Pavan Naregundi discovered that CIFS did not correctly check lengthswhen handling certain mount requests. A remote attacker could sendspecially crafted traffic to cause a system crash, leading to a denialof service. (CVE-2009-1439)Simon Vallet and Frank Filz discovered that execute permissions werenot correctly handled by NFSv4. A local user could bypass permissionsand run restricted programs, possibly leading to an escalation ofprivileges. (CVE-2009-1630)Jeff Layton and Suresh Jayaraman discovered buffer overflows in the CIFSclient code. A malicious remote server could exploit this to cause asystem crash or execute arbitrary code as root. (CVE-2009-1633)Mikulas Patocka discovered that /proc/iomem was not correctlyinitialized on Sparc. A local attacker could use this file to crashthe system, leading to a denial of service. Ubuntu 6.06 was notaffected. (CVE-2009-1914)Miklos Szeredi discovered that OCFS2 did not correctly handle certainsplice operations. A local attacker could exploit this to causea system hang, leading to a denial of service. Ubuntu 6.06 was notaffected. (CVE-2009-1961)
More...
More UNIX and Linux Forum Topics You Might Find Helpful
Powered by 
07-02-2009
Linear Mode
