USN-574-1: Linux kernel vulnerabilities


02-04-2008

Referenced CVEs:
CVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501, CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001


Description:
===========================================================
Ubuntu Security Notice USN-574-1          February 04, 2008
linux-source-2.6.17/20/22 vulnerabilities
CVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849,
CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501,
CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206,
CVE-2007-6417, CVE-2008-0001
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10:
  linux-image-2.6.17-12-386              2.6.17.1-12.43
  linux-image-2.6.17-12-generic          2.6.17.1-12.43
  linux-image-2.6.17-12-hppa32           2.6.17.1-12.43
  linux-image-2.6.17-12-hppa64           2.6.17.1-12.43
  linux-image-2.6.17-12-itanium          2.6.17.1-12.43
  linux-image-2.6.17-12-mckinley         2.6.17.1-12.43
  linux-image-2.6.17-12-powerpc          2.6.17.1-12.43
  linux-image-2.6.17-12-powerpc-smp      2.6.17.1-12.43
  linux-image-2.6.17-12-powerpc64-smp    2.6.17.1-12.43
  linux-image-2.6.17-12-server           2.6.17.1-12.43
  linux-image-2.6.17-12-server-bigiron   2.6.17.1-12.43
  linux-image-2.6.17-12-sparc64          2.6.17.1-12.43
  linux-image-2.6.17-12-sparc64-smp      2.6.17.1-12.43

Ubuntu 7.04:
  linux-image-2.6.20-16-386              2.6.20-16.34
  linux-image-2.6.20-16-generic          2.6.20-16.34
  linux-image-2.6.20-16-hppa32           2.6.20-16.34
  linux-image-2.6.20-16-hppa64           2.6.20-16.34
  linux-image-2.6.20-16-itanium          2.6.20-16.34
  linux-image-2.6.20-16-lowlatency       2.6.20-16.34
  linux-image-2.6.20-16-mckinley         2.6.20-16.34
  linux-image-2.6.20-16-powerpc          2.6.20-16.34
  linux-image-2.6.20-16-powerpc-smp      2.6.20-16.34
  linux-image-2.6.20-16-powerpc64-smp    2.6.20-16.34
  linux-image-2.6.20-16-server           2.6.20-16.34
  linux-image-2.6.20-16-server-bigiron   2.6.20-16.34
  linux-image-2.6.20-16-sparc64          2.6.20-16.34
  linux-image-2.6.20-16-sparc64-smp      2.6.20-16.34

Ubuntu 7.10:
  linux-image-2.6.22-14-386              2.6.22-14.51
  linux-image-2.6.22-14-cell             2.6.22-14.51
  linux-image-2.6.22-14-generic          2.6.22-14.51
  linux-image-2.6.22-14-hppa32           2.6.22-14.51
  linux-image-2.6.22-14-hppa64           2.6.22-14.51
  linux-image-2.6.22-14-itanium          2.6.22-14.51
  linux-image-2.6.22-14-lpia             2.6.22-14.51
  linux-image-2.6.22-14-lpiacompat       2.6.22-14.51
  linux-image-2.6.22-14-mckinley         2.6.22-14.51
  linux-image-2.6.22-14-powerpc          2.6.22-14.51
  linux-image-2.6.22-14-powerpc-smp      2.6.22-14.51
  linux-image-2.6.22-14-powerpc64-smp    2.6.22-14.51
  linux-image-2.6.22-14-rt               2.6.22-14.51
  linux-image-2.6.22-14-server           2.6.22-14.51
  linux-image-2.6.22-14-sparc64          2.6.22-14.51
  linux-image-2.6.22-14-sparc64-smp      2.6.22-14.51
  linux-image-2.6.22-14-ume              2.6.22-14.51
  linux-image-2.6.22-14-virtual          2.6.22-14.51
  linux-image-2.6.22-14-xen              2.6.22-14.51

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2006-6058)

The signal handling on PowerPC systems using HTX allowed local users to cause a denial of service via floating point corruption. This was only vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107)

The Linux kernel did not properly validate the hop-by-hop IPv6 extended header. Remote attackers could send a crafted IPv6 packet and cause a denial of service via kernel panic. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567)

The JFFS2 filesystem with ACL support enabled did not properly store permissions during inode creation and ACL setting. Local users could possibly access restricted files after a remount. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849)

Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997)

Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. This was only vulnerable in Ubuntu 7.04. (CVE-2007-5093)

Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500)

It was discovered that the Linux kernel could dereference a NULL pointer when processing certain IPv4 TCP packets. A remote attacker could send a crafted TCP ACK response and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501)

Warren Togami discovered that the hrtimer subsystem did not properly check for large relative timeouts. A local user could exploit this and cause a denial of service via soft lockup. (CVE-2007-5966)

Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063)

It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151)

Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered that when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417)

Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001)
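
A check an administrator might run against the fixed package versions listed in this notice (an added example, not part of the Ubuntu notice; the function names are hypothetical). Because the notice requires a reboot, a "patched" result only shows the fixed package is installed, not that the running kernel was booted from it.

```sh
#!/bin/sh
# Added example: compare a linux-image package version with the USN-574-1 fix.

# Fixed version per Ubuntu release, copied from the notice.
usn574_fixed_version() {
    case "$1" in
        6.10) echo "2.6.17.1-12.43" ;;
        7.04) echo "2.6.20-16.34" ;;
        7.10) echo "2.6.22-14.51" ;;
        *)    return 1 ;;   # release not listed in this notice
    esac
}

# version_ge A B: succeeds when version A >= version B.
# Uses dpkg's own ordering when dpkg is present. The fallback (GNU sort -V) is
# an approximation that agrees with dpkg for the plain numeric versions here.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# usn574_status RELEASE VERSION: prints patched, vulnerable or not-covered.
usn574_status() {
    usn574_fixed=$(usn574_fixed_version "$1") || { echo "not-covered"; return 0; }
    if version_ge "$2" "$usn574_fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# usn574_check_installed RELEASE PACKAGE: same check for a locally installed
# package, e.g. usn574_check_installed 7.10 linux-image-2.6.22-14-generic
usn574_check_installed() {
    usn574_ver=$(dpkg-query -W -f='${Version}' "$2" 2>/dev/null) || usn574_ver=""
    if [ -z "$usn574_ver" ]; then
        echo "not-installed"
    else
        usn574_status "$1" "$usn574_ver"
    fi
}
```
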




