USN-187-1: Linux kernel vulnerabilities

25 September 2005

linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

A Denial of Service vulnerability was detected in the stack segment fault handler. A local attacker could exploit this by causing stack fault exceptions under special circumstances (scheduling), which lead to a kernel crash. (CAN-2005-1767)

Vasiliy Averin discovered a Denial of Service vulnerability in the “tiocgdev” ioctl call and in the “routing_ioctl” function. By calling fget() and fput() in special ways, a local attacker could exploit this to destroy file descriptor structures and crash the kernel. (CAN-2005-3044)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
linux-image-2.6.10-5-386
linux-image-2.6.10-5-686
linux-image-2.6.10-5-686-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-image-2.6.10-5-itanium
linux-image-2.6.10-5-itanium-smp
linux-image-2.6.10-5-k7
linux-image-2.6.10-5-k7-smp
linux-image-2.6.10-5-mckinley
linux-image-2.6.10-5-mckinley-smp
linux-image-2.6.10-5-power3
linux-image-2.6.10-5-power3-smp
linux-image-2.6.10-5-power4
linux-image-2.6.10-5-power4-smp
linux-image-2.6.10-5-powerpc
linux-image-2.6.10-5-powerpc-smp
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10
Ubuntu 4.10
linux-image-2.6.10-5-386
linux-image-2.6.10-5-686
linux-image-2.6.10-5-686-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-image-2.6.10-5-itanium
linux-image-2.6.10-5-itanium-smp
linux-image-2.6.10-5-k7
linux-image-2.6.10-5-k7-smp
linux-image-2.6.10-5-mckinley
linux-image-2.6.10-5-mckinley-smp
linux-image-2.6.10-5-power3
linux-image-2.6.10-5-power3-smp
linux-image-2.6.10-5-power4
linux-image-2.6.10-5-power4-smp
linux-image-2.6.10-5-powerpc
linux-image-2.6.10-5-powerpc-smp
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References