USN-39-1: Linux amd64 kernel vulnerability

17 December 2004

linux-source-2.6.8.1 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if setuid binaries were run under certain conditions.

This issue does not affect the i386 and powerpc platforms.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References