The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Special Forums > Security > Security Advisories (RSS)
USN-574-1: Linux kernel vulnerabilities USN-574-1: Linux kernel vulnerabilities
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


Security Advisories (RSS) UNIX and Linux Security Advisories Via RSS News

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
USN-614-1: Linux kernel vulnerabilities iBot Security Advisories (RSS) 0 06-03-2008 04:09 PM
Ubuntu: Linux kernel vulnerabilities iBot Security Advisories (RSS) 0 02-14-2008 10:20 AM
USN-578-1: Linux kernel vulnerabilities iBot Security Advisories (RSS) 0 02-14-2008 01:00 AM
Ubuntu: Linux kernel vulnerabilities iBot Security Advisories (RSS) 0 02-04-2008 07:50 PM
USN-558-1: Linux kernel vulnerabilities iBot Security Advisories (RSS) 0 12-24-2007 12:52 AM

 
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
Prev Previous Post   Next Post Next
  #1 (permalink)  
Old 02-04-2008
iBot's Avatar
iBot iBot is offline
Forum Robot Girl
  
 

Join Date: Sep 2000
Posts: 22,146
USN-574-1: Linux kernel vulnerabilities
Referenced CVEs:
CVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501, CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001


Description:
=========================================================== Ubuntu Security Notice USN-574-1 February 04, 2008linux-source-2.6.17/20/22 vulnerabilitiesCVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849,CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501,CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206,CVE-2007-6417, CVE-2008-0001===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.10: linux-image-2.6.17-12-386 2.6.17.1-12.43 linux-image-2.6.17-12-generic 2.6.17.1-12.43 linux-image-2.6.17-12-hppa32 2.6.17.1-12.43 linux-image-2.6.17-12-hppa64 2.6.17.1-12.43 linux-image-2.6.17-12-itanium 2.6.17.1-12.43 linux-image-2.6.17-12-mckinley 2.6.17.1-12.43 linux-image-2.6.17-12-powerpc 2.6.17.1-12.43 linux-image-2.6.17-12-powerpc-smp 2.6.17.1-12.43 linux-image-2.6.17-12-powerpc64-smp 2.6.17.1-12.43 linux-image-2.6.17-12-server 2.6.17.1-12.43 linux-image-2.6.17-12-server-bigiron 2.6.17.1-12.43 linux-image-2.6.17-12-sparc64 2.6.17.1-12.43 linux-image-2.6.17-12-sparc64-smp 2.6.17.1-12.43Ubuntu 7.04: linux-image-2.6.20-16-386 2.6.20-16.34 linux-image-2.6.20-16-generic 2.6.20-16.34 linux-image-2.6.20-16-hppa32 2.6.20-16.34 linux-image-2.6.20-16-hppa64 2.6.20-16.34 linux-image-2.6.20-16-itanium 2.6.20-16.34 linux-image-2.6.20-16-lowlatency 2.6.20-16.34 linux-image-2.6.20-16-mckinley 2.6.20-16.34 linux-image-2.6.20-16-powerpc 2.6.20-16.34 linux-image-2.6.20-16-powerpc-smp 2.6.20-16.34 linux-image-2.6.20-16-powerpc64-smp 2.6.20-16.34 linux-image-2.6.20-16-server 2.6.20-16.34 linux-image-2.6.20-16-server-bigiron 2.6.20-16.34 linux-image-2.6.20-16-sparc64 2.6.20-16.34 linux-image-2.6.20-16-sparc64-smp 2.6.20-16.34Ubuntu 7.10: linux-image-2.6.22-14-386 2.6.22-14.51 linux-image-2.6.22-14-cell 2.6.22-14.51 linux-image-2.6.22-14-generic 2.6.22-14.51 linux-image-2.6.22-14-hppa32 2.6.22-14.51 linux-image-2.6.22-14-hppa64 2.6.22-14.51 linux-image-2.6.22-14-itanium 2.6.22-14.51 linux-image-2.6.22-14-lpia 2.6.22-14.51 linux-image-2.6.22-14-lpiacompat 2.6.22-14.51 linux-image-2.6.22-14-mckinley 2.6.22-14.51 linux-image-2.6.22-14-powerpc 2.6.22-14.51 linux-image-2.6.22-14-powerpc-smp 2.6.22-14.51 linux-image-2.6.22-14-powerpc64-smp 2.6.22-14.51 linux-image-2.6.22-14-rt 2.6.22-14.51 linux-image-2.6.22-14-server 2.6.22-14.51 linux-image-2.6.22-14-sparc64 2.6.22-14.51 linux-image-2.6.22-14-sparc64-smp 2.6.22-14.51 linux-image-2.6.22-14-ume 2.6.22-14.51 linux-image-2.6.22-14-virtual 2.6.22-14.51 linux-image-2.6.22-14-xen 2.6.22-14.51After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:The minix filesystem did not properly validate certain filesystemvalues. If a local attacker could trick the system into attemptingto mount a corrupted minix filesystem, the kernel could be made tohang for long periods of time, resulting in a denial of service.This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2006-6058)The signal handling on PowerPC systems using HTX allowed local usersto cause a denial of service via floating point corruption. This wasonly vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107)The Linux kernel did not properly validate the hop-by-hop IPv6extended header. Remote attackers could send a crafted IPv6 packetand cause a denial of service via kernel panic. This was onlyvulnerable in Ubuntu 7.04. (CVE-2007-4567)The JFFS2 filesystem with ACL support enabled did not properly storepermissions during inode creation and ACL setting. Local users couldpossibly access restricted files after a remount. This was onlyvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849)Chris Evans discovered an issue with certain drivers that use theieee80211_rx function. Remote attackers could send a crafted 802.11frame and cause a denial of service via crash. This was onlyvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997)Alex Smith discovered an issue with the pwc driver for certain webcamdevices. A local user with physical access to the system could removethe device while a userspace application had it open and cause the USBsubsystem to block. This was only vulnerable in Ubuntu 7.04.(CVE-2007-5093)Scott James Remnant discovered a coding error in ptrace. Local userscould exploit this and cause the kernel to enter an infinite loop.This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500)It was discovered that the Linux kernel could dereference a NULLpointer when processing certain IPv4 TCP packets. A remote attackercould send a crafted TCP ACK response and cause a denial of servicevia crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501)Warren Togami discovered that the hrtimer subsystem did not properlycheck for large relative timeouts. A local user could exploit this andcause a denial of service via soft lockup. (CVE-2007-5966)Venustech AD-LAB discovered a buffer overflow in the isdn netsubsystem. This issue is exploitable by local users via crafted inputto the isdn_ioctl function. (CVE-2007-6063)It was discovered that the isdn subsystem did not properly check forNULL termination when performing ioctl handling. A local user couldexploit this to cause a denial of service. (CVE-2007-6151)Blake Frantz discovered that when a root process overwrote an existingcore file, the resulting core file retained the previous core file'sownership. Local users could exploit this to gain access to sensitiveinformation. (CVE-2007-6206)Hugh Dickins discovered the when using the tmpfs filesystem, underrare circumstances, a kernel page may be improperly cleared. A localuser may be able to exploit this and read sensitive kernel data orcause a denial of service via crash. (CVE-2007-6417)Bill Roman discovered that the VFS subsystem did not properly checkaccess modes. A local user may be able to gain removal privileges ondirectories. (CVE-2008-0001)





More...
 

Bookmarks

« Mandriva: Updated ruby-gnome2 packages fix arbitrary code | Ubuntu: Linux kernel vulnerabilities »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Threaded Mode Threaded Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 09:54 AM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0