USN-864-1: Linux kernel vulnerabilities

Posted: 12-04-2009

Referenced CVEs:
CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638, CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4026, CVE-2009-4027


Description:
===========================================================
Ubuntu Security Notice USN-864-1          December 05, 2009
linux, linux-source-2.6.15 vulnerabilities
CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228,
CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620,
CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638,
CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888,
CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4026,
CVE-2009-4027
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  linux-image-2.6.15-55-386             2.6.15-55.81
  linux-image-2.6.15-55-686             2.6.15-55.81
  linux-image-2.6.15-55-amd64-generic   2.6.15-55.81
  linux-image-2.6.15-55-amd64-k8        2.6.15-55.81
  linux-image-2.6.15-55-amd64-server    2.6.15-55.81
  linux-image-2.6.15-55-amd64-xeon      2.6.15-55.81
  linux-image-2.6.15-55-hppa32          2.6.15-55.81
  linux-image-2.6.15-55-hppa32-smp      2.6.15-55.81
  linux-image-2.6.15-55-hppa64          2.6.15-55.81
  linux-image-2.6.15-55-hppa64-smp      2.6.15-55.81
  linux-image-2.6.15-55-itanium         2.6.15-55.81
  linux-image-2.6.15-55-itanium-smp     2.6.15-55.81
  linux-image-2.6.15-55-k7              2.6.15-55.81
  linux-image-2.6.15-55-mckinley        2.6.15-55.81
  linux-image-2.6.15-55-mckinley-smp    2.6.15-55.81
  linux-image-2.6.15-55-powerpc         2.6.15-55.81
  linux-image-2.6.15-55-powerpc-smp     2.6.15-55.81
  linux-image-2.6.15-55-powerpc64-smp   2.6.15-55.81
  linux-image-2.6.15-55-server          2.6.15-55.81
  linux-image-2.6.15-55-server-bigiron  2.6.15-55.81
  linux-image-2.6.15-55-sparc64         2.6.15-55.81
  linux-image-2.6.15-55-sparc64-smp     2.6.15-55.81

Ubuntu 8.04 LTS:
  linux-image-2.6.24-26-386             2.6.24-26.64
  linux-image-2.6.24-26-generic         2.6.24-26.64
  linux-image-2.6.24-26-hppa32          2.6.24-26.64
  linux-image-2.6.24-26-hppa64          2.6.24-26.64
  linux-image-2.6.24-26-itanium         2.6.24-26.64
  linux-image-2.6.24-26-lpia            2.6.24-26.64
  linux-image-2.6.24-26-lpiacompat      2.6.24-26.64
  linux-image-2.6.24-26-mckinley        2.6.24-26.64
  linux-image-2.6.24-26-openvz          2.6.24-26.64
  linux-image-2.6.24-26-powerpc         2.6.24-26.64
  linux-image-2.6.24-26-powerpc-smp     2.6.24-26.64
  linux-image-2.6.24-26-powerpc64-smp   2.6.24-26.64
  linux-image-2.6.24-26-rt              2.6.24-26.64
  linux-image-2.6.24-26-server          2.6.24-26.64
  linux-image-2.6.24-26-sparc64         2.6.24-26.64
  linux-image-2.6.24-26-sparc64-smp     2.6.24-26.64
  linux-image-2.6.24-26-virtual         2.6.24-26.64
  linux-image-2.6.24-26-xen             2.6.24-26.64
  usb-modules-2.6.24-26-sparc64-di      2.6.24-26.64

Ubuntu 8.10:
  linux-image-2.6.27-16-generic         2.6.27-16.44
  linux-image-2.6.27-16-server          2.6.27-16.44
  linux-image-2.6.27-16-virtual         2.6.27-16.44

Ubuntu 9.04:
  linux-image-2.6.28-17-generic         2.6.28-17.58
  linux-image-2.6.28-17-imx51           2.6.28-17.58
  linux-image-2.6.28-17-iop32x          2.6.28-17.58
  linux-image-2.6.28-17-ixp4xx          2.6.28-17.58
  linux-image-2.6.28-17-lpia            2.6.28-17.58
  linux-image-2.6.28-17-server          2.6.28-17.58
  linux-image-2.6.28-17-versatile       2.6.28-17.58
  linux-image-2.6.28-17-virtual         2.6.28-17.58

Ubuntu 9.10:
  linux-image-2.6.31-16-386             2.6.31-16.52
  linux-image-2.6.31-16-generic         2.6.31-16.52
  linux-image-2.6.31-16-generic-pae     2.6.31-16.52
  linux-image-2.6.31-16-ia64            2.6.31-16.52
  linux-image-2.6.31-16-lpia            2.6.31-16.52
  linux-image-2.6.31-16-powerpc         2.6.31-16.52
  linux-image-2.6.31-16-powerpc-smp     2.6.31-16.52
  linux-image-2.6.31-16-powerpc64-smp   2.6.31-16.52
  linux-image-2.6.31-16-server          2.6.31-16.52
  linux-image-2.6.31-16-sparc64         2.6.31-16.52
  linux-image-2.6.31-16-sparc64-smp     2.6.31-16.52
  linux-image-2.6.31-16-virtual         2.6.31-16.52

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06) the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

Details follow:

It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909)

Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910)

Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080)

Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. A local attacker could exploit this to read several bytes of kernel memory, leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612)

Earl Chew discovered race conditions in pipe handling. A local attacker could exploit anonymous pipes via /proc/*/fd/ and crash the system or gain root privileges. (CVE-2009-3547)

Dave Jones and Francois Romieu discovered that the r8169 network driver could be made to leak kernel memory. A remote attacker could send a large number of jumbo frames until the system memory was exhausted, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613)

Ben Hutchings discovered that the ATI Rage 128 video driver did not correctly validate initialization states. A local attacker could make specially crafted ioctl calls to crash the system or gain root privileges. (CVE-2009-3620)

Tomoki Sekiyama discovered that Unix sockets did not correctly verify namespaces. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2009-3621)

J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623)

Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624)

David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3638)

Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722)

Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilities. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725)

Trond Myklebust discovered that NFSv4 clients did not robustly verify attributes. A malicious remote NFSv4 server could exploit this to crash a client or gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-3726)

Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888)

Joseph Malicki discovered that the MegaRAID SAS driver had world-writable option files. A local attacker could exploit these to disrupt the behavior of the controller, leading to a denial of service. (CVE-2009-3889, CVE-2009-3939)

Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005)

Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027)
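
The fixed versions and the reboot/ABI note above can be checked on a host. The following is an added example, not part of the advisory: it classifies installed linux-image packages and the booted kernel release against the fixed versions from the table. The function names, the sample dpkg-query output and the 2.6.24-25.63 version in it are constructed for illustration.

```python
import re
# Fixed package version per kernel series, copied from the advisory's table.
FIXED = {
    "2.6.15": "2.6.15-55.81",  # Ubuntu 6.06 LTS (ABI number unchanged)
    "2.6.24": "2.6.24-26.64",  # Ubuntu 8.04 LTS
    "2.6.27": "2.6.27-16.44",  # Ubuntu 8.10
    "2.6.28": "2.6.28-17.58",  # Ubuntu 9.04
    "2.6.31": "2.6.31-16.52",  # Ubuntu 9.10
}

# Constructed sample of `dpkg-query -W` output, one "package version" per line.
SAMPLE_DPKG = """\
linux-image-2.6.24-25-generic 2.6.24-25.63
linux-image-2.6.24-26-generic 2.6.24-26.64
linux-image-generic 2.6.24.26.28
"""

def vkey(version):
    # Numeric-field ordering only (a simplification); on a real host use
    # `dpkg --compare-versions` instead.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit_packages(dpkg_output):
    """Map each versioned linux-image package to 'fixed' or 'vulnerable'."""
    status = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) != 2 or not re.match(r"linux-image-\d", fields[0]):
            continue  # skip metapackages such as linux-image-generic
        pkg, ver = fields
        fixed = FIXED.get(ver.split("-")[0])
        if fixed is not None:
            status[pkg] = "fixed" if vkey(ver) >= vkey(fixed) else "vulnerable"
    return status

def audit_running(release):
    """Classify `uname -r` output, e.g. '2.6.24-25-generic'."""
    m = re.match(r"(\d+\.\d+\.\d+)-(\d+)", release)
    if not m or m.group(1) not in FIXED:
        return "unknown-series"
    series, abi = m.group(1), int(m.group(2))
    fixed_abi = int(FIXED[series].split("-")[1].split(".")[0])
    if abi < fixed_abi:
        return "vulnerable"  # old kernel still booted: reboot needed
    if series == "2.6.15" and abi == fixed_abi:
        return "inconclusive"  # 6.06 kept its ABI number; check the package
    return "fixed"

if __name__ == "__main__":
    print(audit_packages(SAMPLE_DPKG), audit_running("2.6.24-25-generic"))
```

A host can have the fixed package installed and still report "vulnerable" for the running release until it is rebooted, which is the case the advisory's reboot note covers.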




