USN-1057-1: Linux kernel vulnerabilities

3 February 2011

linux-source-2.6.15 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS

Summary

Multiple vulnerabilities in the Linux kernel.

Software Description

  • linux-source-2.6.15 - ACPI support modules (udeb)

Details

Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. (CVE-2010-2943)

Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3297)

Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
linux-image-2.6.15-55-386 - 2.6.15-55.91
linux-image-2.6.15-55-686 - 2.6.15-55.91
linux-image-2.6.15-55-amd64-generic - 2.6.15-55.91
linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.91
linux-image-2.6.15-55-amd64-server - 2.6.15-55.91
linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.91
linux-image-2.6.15-55-hppa32 - 2.6.15-55.91
linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.91
linux-image-2.6.15-55-hppa64 - 2.6.15-55.91
linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.91
linux-image-2.6.15-55-itanium - 2.6.15-55.91
linux-image-2.6.15-55-itanium-smp - 2.6.15-55.91
linux-image-2.6.15-55-k7 - 2.6.15-55.91
linux-image-2.6.15-55-mckinley - 2.6.15-55.91
linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.91
linux-image-2.6.15-55-powerpc - 2.6.15-55.91
linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.91
linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.91
linux-image-2.6.15-55-server - 2.6.15-55.91
linux-image-2.6.15-55-server-bigiron - 2.6.15-55.91
linux-image-2.6.15-55-sparc64 - 2.6.15-55.91
linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.91

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.
