USN-137-1: Linux kernel vulnerabilities

8 June 2005

linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Alexander Nyberg discovered that ptrace() insufficiently validated addresses on the amd64 platform so that it was possible to set an invalid segment base. A local attacker could exploit this to crash the kernel. This does not affect the i386 and powerpc platforms in any way. (CAN-2005-0756)

Chris Wright discovered that the mmap() function could create illegal memory maps (using the “mmap” function) with the start address pointing beyond the end address. A local user could exploit this to crash the kernel or possibly even execute arbitrary code with kernel privileges. (CAN-2005-1265)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
linux-image-2.6.10-5-386
linux-image-2.6.10-5-686
linux-image-2.6.10-5-686-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-image-2.6.10-5-itanium
linux-image-2.6.10-5-itanium-smp
linux-image-2.6.10-5-k7
linux-image-2.6.10-5-k7-smp
linux-image-2.6.10-5-mckinley
linux-image-2.6.10-5-mckinley-smp
linux-image-2.6.10-5-power3
linux-image-2.6.10-5-power3-smp
linux-image-2.6.10-5-power4
linux-image-2.6.10-5-power4-smp
linux-image-2.6.10-5-powerpc
linux-image-2.6.10-5-powerpc-smp
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10
Ubuntu 4.10
linux-image-2.6.10-5-386
linux-image-2.6.10-5-686
linux-image-2.6.10-5-686-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-image-2.6.10-5-itanium
linux-image-2.6.10-5-itanium-smp
linux-image-2.6.10-5-k7
linux-image-2.6.10-5-k7-smp
linux-image-2.6.10-5-mckinley
linux-image-2.6.10-5-mckinley-smp
linux-image-2.6.10-5-power3
linux-image-2.6.10-5-power3-smp
linux-image-2.6.10-5-power4
linux-image-2.6.10-5-power4-smp
linux-image-2.6.10-5-powerpc
linux-image-2.6.10-5-powerpc-smp
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References