USN-679-1: Linux kernel vulnerabilities

27 November 2008

linux, linux-source-2.6.15/22 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10
  • Ubuntu 6.06 LTS

Software Description

  • linux
  • linux-backports-modules-2.6.27
  • linux-restricted-modules
  • linux-backports-modules-2.6.24
  • linux-restricted-modules-2.6.24
  • linux-ubuntu-modules-2.6.24
  • linux-backports-modules-2.6.22
  • linux-restricted-modules-2.6.22
  • linux-source-2.6.22
  • linux-ubuntu-modules-2.6.22
  • linux-backports-modules-2.6.15
  • linux-restricted-modules-2.6.15
  • linux-source-2.6.15

Details

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10. (CVE-2007-5498)

It was discovered that the i915 video driver did not correctly validate memory addresses. A local attacker could exploit this to remap memory that could cause a system crash, leading to a denial of service. This issue did not affect Ubuntu 6.06 and was previously fixed for Ubuntu 7.10 and 8.04 in USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)

David Watson discovered that the kernel did not correctly strip permissions when creating files in setgid directories. A local user could exploit this to gain additional group privileges. This issue only affected Ubuntu 6.06. (CVE-2008-4210)

Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did not correctly reject the “append” flag when handling file splice requests. A local attacker could bypass append mode and make changes to arbitrary locations in a file. This issue only affected Ubuntu 7.10 and 8.04. (CVE-2008-4554)

It was discovered that the SCTP stack did not correctly handle INIT-ACK. A remote user could exploit this by sending specially crafted SCTP traffic which would trigger a crash in the system, leading to a denial of service. This issue did not affect Ubuntu 8.10. (CVE-2008-4576)

It was discovered that the SCTP stack did not correctly handle bad packet lengths. A remote user could exploit this by sending specially crafted SCTP traffic which would trigger a crash in the system, leading to a denial of service. This issue did not affect Ubuntu 8.10. (CVE-2008-4618)

Eric Sesterhenn discovered multiple flaws in the HFS+ filesystem. If a local user or automated system were tricked into mounting a malicious HFS+ filesystem, the system could crash, leading to a denial of service. (CVE-2008-4933, CVE-2008-4934, CVE-2008-5025)

It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service. (CVE-2008-5029)

It was discovered that the driver for simple i2c audio interfaces did not correctly validate certain function pointers. A local user could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2008-5033)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
linux-image-2.6.27-9-generic - 2.6.27-9.19
linux-image-2.6.27-9-server - 2.6.27-9.19
linux-image-2.6.27-9-virtual - 2.6.27-9.19

Ubuntu 8.04 LTS
linux-image-2.6.24-22-386 - 2.6.24-22.45
linux-image-2.6.24-22-generic - 2.6.24-22.45
linux-image-2.6.24-22-hppa32 - 2.6.24-22.45
linux-image-2.6.24-22-hppa64 - 2.6.24-22.45
linux-image-2.6.24-22-itanium - 2.6.24-22.45
linux-image-2.6.24-22-lpia - 2.6.24-22.45
linux-image-2.6.24-22-lpiacompat - 2.6.24-22.45
linux-image-2.6.24-22-mckinley - 2.6.24-22.45
linux-image-2.6.24-22-openvz - 2.6.24-22.45
linux-image-2.6.24-22-powerpc - 2.6.24-22.45
linux-image-2.6.24-22-powerpc-smp - 2.6.24-22.45
linux-image-2.6.24-22-powerpc64-smp - 2.6.24-22.45
linux-image-2.6.24-22-rt - 2.6.24-22.45
linux-image-2.6.24-22-server - 2.6.24-22.45
linux-image-2.6.24-22-sparc64 - 2.6.24-22.45
linux-image-2.6.24-22-sparc64-smp - 2.6.24-22.45
linux-image-2.6.24-22-virtual - 2.6.24-22.45
linux-image-2.6.24-22-xen - 2.6.24-22.45

Ubuntu 7.10
linux-image-2.6.22-16-386 - 2.6.22-16.60
linux-image-2.6.22-16-cell - 2.6.22-16.60
linux-image-2.6.22-16-generic - 2.6.22-16.60
linux-image-2.6.22-16-hppa32 - 2.6.22-16.60
linux-image-2.6.22-16-hppa64 - 2.6.22-16.60
linux-image-2.6.22-16-itanium - 2.6.22-16.60
linux-image-2.6.22-16-lpia - 2.6.22-16.60
linux-image-2.6.22-16-lpiacompat - 2.6.22-16.60
linux-image-2.6.22-16-mckinley - 2.6.22-16.60
linux-image-2.6.22-16-powerpc - 2.6.22-16.60
linux-image-2.6.22-16-powerpc-smp - 2.6.22-16.60
linux-image-2.6.22-16-powerpc64-smp - 2.6.22-16.60
linux-image-2.6.22-16-rt - 2.6.22-16.60
linux-image-2.6.22-16-server - 2.6.22-16.60
linux-image-2.6.22-16-sparc64 - 2.6.22-16.60
linux-image-2.6.22-16-sparc64-smp - 2.6.22-16.60
linux-image-2.6.22-16-ume - 2.6.22-16.60
linux-image-2.6.22-16-virtual - 2.6.22-16.60
linux-image-2.6.22-16-xen - 2.6.22-16.60

Ubuntu 6.06 LTS
linux-image-2.6.15-53-386 - 2.6.15-53.74
linux-image-2.6.15-53-686 - 2.6.15-53.74
linux-image-2.6.15-53-amd64-generic - 2.6.15-53.74
linux-image-2.6.15-53-amd64-k8 - 2.6.15-53.74
linux-image-2.6.15-53-amd64-server - 2.6.15-53.74
linux-image-2.6.15-53-amd64-xeon - 2.6.15-53.74
linux-image-2.6.15-53-hppa32 - 2.6.15-53.74
linux-image-2.6.15-53-hppa32-smp - 2.6.15-53.74
linux-image-2.6.15-53-hppa64 - 2.6.15-53.74
linux-image-2.6.15-53-hppa64-smp - 2.6.15-53.74
linux-image-2.6.15-53-itanium - 2.6.15-53.74
linux-image-2.6.15-53-itanium-smp - 2.6.15-53.74
linux-image-2.6.15-53-k7 - 2.6.15-53.74
linux-image-2.6.15-53-mckinley - 2.6.15-53.74
linux-image-2.6.15-53-mckinley-smp - 2.6.15-53.74
linux-image-2.6.15-53-powerpc - 2.6.15-53.74
linux-image-2.6.15-53-powerpc-smp - 2.6.15-53.74
linux-image-2.6.15-53-powerpc64-smp - 2.6.15-53.74
linux-image-2.6.15-53-server - 2.6.15-53.74
linux-image-2.6.15-53-server-bigiron - 2.6.15-53.74
linux-image-2.6.15-53-sparc64 - 2.6.15-53.74
linux-image-2.6.15-53-sparc64-smp - 2.6.15-53.74

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.
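A host can have the fixed image installed and still be running the old kernel until it reboots, and the ABI number in the package name changes with this update. The following check is an added example, not part of the advisory or of any Ubuntu tool: it classifies a host from its `uname -r` output and its installed linux-image packages against the fixed versions listed above. The function names and the sample host are assumptions made for illustration, and the comparison is a simplified numeric one that covers the `upstream-ABI.upload` version form used on this page, not full dpkg version ordering.

```python
import re

# Fixed linux-image package versions, copied from the advisory's table.
FIXED = {
    "8.10": "2.6.27-9.19",
    "8.04": "2.6.24-22.45",
    "7.10": "2.6.22-16.60",
    "6.06": "2.6.15-53.74",
}

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse(version):
    """Split 'upstream-ABI.upload' (e.g. 2.6.24-22.45) into an int tuple.

    Returns None for other forms, such as metapackage versions.
    """
    m = _VER.match(version)
    return tuple(int(g) for g in m.groups()) if m else None


def kernel_status(release, running, installed):
    """Classify a host against USN-679-1 (hypothetical helper).

    release   -- Ubuntu release, e.g. '8.04'
    running   -- output of `uname -r`, e.g. '2.6.24-21-generic'
    installed -- {package name: version} of installed linux-image packages
    """
    fixed = parse(FIXED[release])
    # Unparseable versions compare as () and are never counted as patched.
    patched = {pkg for pkg, ver in installed.items()
               if pkg.startswith("linux-image-") and (parse(ver) or ()) >= fixed}
    if "linux-image-" + running in patched:
        return "fixed"
    if patched:
        # A fixed image is on disk, but the booted kernel is not it.
        return "reboot-required"
    return "update-required"


# Constructed sample host (Ubuntu 8.04); not data from the advisory.
SAMPLE = {
    "linux-image-generic": "2.6.24.22.24",            # metapackage, skipped
    "linux-image-2.6.24-21-generic": "2.6.24-21.43",  # old image, still booted
    "linux-image-2.6.24-22-generic": "2.6.24-22.45",  # fixed image on disk
}

if __name__ == "__main__":
    print(kernel_status("8.04", "2.6.24-21-generic", SAMPLE))
```

On a real host the `installed` mapping can be built from `dpkg-query -W` output for the linux-image packages.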
