USN-1071-1: Linux kernel vulnerabilities

25 February 2011

linux-source-2.6.15 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS

Summary

Software Description

  • linux-source-2.6.15

Details

Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3086)

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859)

Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3873)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880)

Dan Rosenberg discovered that the SiS video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4078)

Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, CVE-2010-4081)

Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4083)

James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-4157)

Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to to crash the kernel, or possibly gain root privileges. (CVE-2010-4160)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
linux-image-2.6.15-55-386 - 2.6.15-55.93
linux-image-2.6.15-55-686 - 2.6.15-55.93
linux-image-2.6.15-55-amd64-generic - 2.6.15-55.93
linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.93
linux-image-2.6.15-55-amd64-server - 2.6.15-55.93
linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.93
linux-image-2.6.15-55-hppa32 - 2.6.15-55.93
linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.93
linux-image-2.6.15-55-hppa64 - 2.6.15-55.93
linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.93
linux-image-2.6.15-55-itanium - 2.6.15-55.93
linux-image-2.6.15-55-itanium-smp - 2.6.15-55.93
linux-image-2.6.15-55-k7 - 2.6.15-55.93
linux-image-2.6.15-55-mckinley - 2.6.15-55.93
linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.93
linux-image-2.6.15-55-powerpc - 2.6.15-55.93
linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.93
linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.93
linux-image-2.6.15-55-server - 2.6.15-55.93
linux-image-2.6.15-55-server-bigiron - 2.6.15-55.93
linux-image-2.6.15-55-sparc64 - 2.6.15-55.93
linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.93

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References