USN-947-1: Linux kernel vulnerabilities

3 June 2010

linux, linux-source-2.6.15 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Multiple flaws in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-ec2 - Linux kernel for EC2
  • linux-fsl-imx51 - Linux kernel for fsl-imx51 ARM
  • linux-mvl-dove - Linux kernel for mvl-dove ARM
  • linux-qcm-msm - Linux kernel for qcm-msm ARM
  • linux-ti-omap - Linux kernel for ti-omap ARM
  • linux-source-2.6.15 - Linux kernel

Details

It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)

It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537)

Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008)

It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)

Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)

Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727)

Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741)

Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083)

Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084)

Jody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardward could exploit the flaw to cause a system crash, leading to a denial of service. (CVE-2010-1085)

Ang Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)

Trond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087)

Al Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088)

Matt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146)

Eugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148)

Catalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service. (CVE-2010-1162)

Neil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187)

Masayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)

Oleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1488)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
linux-image-2.6.31-608-imx51 - 2.6.31-608.14
linux-image-2.6.31-802-st1-5 - 2.6.31-802.4
linux-image-2.6.32-205-dove - 2.6.32-205.18
linux-image-2.6.32-22-386 - 2.6.32-22.35
linux-image-2.6.32-22-386-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-generic - 2.6.32-22.35
linux-image-2.6.32-22-generic-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-generic-pae - 2.6.32-22.35
linux-image-2.6.32-22-generic-pae-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-ia64 - 2.6.32-22.35
linux-image-2.6.32-22-ia64-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-lpia - 2.6.32-22.35
linux-image-2.6.32-22-lpia-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-powerpc - 2.6.32-22.35
linux-image-2.6.32-22-powerpc-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-powerpc-smp - 2.6.32-22.35
linux-image-2.6.32-22-powerpc-smp-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-powerpc64-smp - 2.6.32-22.35
linux-image-2.6.32-22-powerpc64-smp-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-preempt - 2.6.32-22.35
linux-image-2.6.32-22-preempt-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-server - 2.6.32-22.35
linux-image-2.6.32-22-server-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-sparc64 - 2.6.32-22.35
linux-image-2.6.32-22-sparc64-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-sparc64-smp - 2.6.32-22.35
linux-image-2.6.32-22-sparc64-smp-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-versatile - 2.6.32-22.35
linux-image-2.6.32-22-versatile-dbgsym - 2.6.32-22.35
linux-image-2.6.32-22-virtual - 2.6.32-22.35
linux-image-2.6.32-306-ec2 - 2.6.32-306.11
linux-image-2.6.33-501-omap - 2.6.33-501.7
Ubuntu 9.10
linux-image-2.6.31-112-imx51 - 2.6.31-112.28
linux-image-2.6.31-214-dove - 2.6.31-214.28
linux-image-2.6.31-214-dove-z0 - 2.6.31-214.28
linux-image-2.6.31-22-386 - 2.6.31-22.60
linux-image-2.6.31-22-generic - 2.6.31-22.60
linux-image-2.6.31-22-generic-pae - 2.6.31-22.60
linux-image-2.6.31-22-ia64 - 2.6.31-22.60
linux-image-2.6.31-22-lpia - 2.6.31-22.60
linux-image-2.6.31-22-powerpc - 2.6.31-22.60
linux-image-2.6.31-22-powerpc-smp - 2.6.31-22.60
linux-image-2.6.31-22-powerpc64-smp - 2.6.31-22.60
linux-image-2.6.31-22-server - 2.6.31-22.60
linux-image-2.6.31-22-sparc64 - 2.6.31-22.60
linux-image-2.6.31-22-sparc64-smp - 2.6.31-22.60
linux-image-2.6.31-22-virtual - 2.6.31-22.60
linux-image-2.6.31-307-ec2 - 2.6.31-307.15
Ubuntu 9.04
linux-image-2.6.28-19-generic - 2.6.28-19.61
linux-image-2.6.28-19-imx51 - 2.6.28-19.61
linux-image-2.6.28-19-iop32x - 2.6.28-19.61
linux-image-2.6.28-19-ixp4xx - 2.6.28-19.61
linux-image-2.6.28-19-lpia - 2.6.28-19.61
linux-image-2.6.28-19-server - 2.6.28-19.61
linux-image-2.6.28-19-versatile - 2.6.28-19.61
linux-image-2.6.28-19-virtual - 2.6.28-19.61
Ubuntu 8.04 LTS
linux-image-2.6.24-28-386 - 2.6.24-28.70
linux-image-2.6.24-28-generic - 2.6.24-28.70
linux-image-2.6.24-28-hppa32 - 2.6.24-28.70
linux-image-2.6.24-28-hppa64 - 2.6.24-28.70
linux-image-2.6.24-28-itanium - 2.6.24-28.70
linux-image-2.6.24-28-lpia - 2.6.24-28.70
linux-image-2.6.24-28-lpiacompat - 2.6.24-28.70
linux-image-2.6.24-28-mckinley - 2.6.24-28.70
linux-image-2.6.24-28-openvz - 2.6.24-28.70
linux-image-2.6.24-28-powerpc - 2.6.24-28.70
linux-image-2.6.24-28-powerpc-smp - 2.6.24-28.70
linux-image-2.6.24-28-powerpc64-smp - 2.6.24-28.70
linux-image-2.6.24-28-rt - 2.6.24-28.70
linux-image-2.6.24-28-server - 2.6.24-28.70
linux-image-2.6.24-28-sparc64 - 2.6.24-28.70
linux-image-2.6.24-28-sparc64-smp - 2.6.24-28.70
linux-image-2.6.24-28-virtual - 2.6.24-28.70
linux-image-2.6.24-28-xen - 2.6.24-28.70
Ubuntu 6.06 LTS
linux-image-2.6.15-55-386 - 2.6.15-55.84
linux-image-2.6.15-55-686 - 2.6.15-55.84
linux-image-2.6.15-55-amd64-generic - 2.6.15-55.84
linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.84
linux-image-2.6.15-55-amd64-server - 2.6.15-55.84
linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.84
linux-image-2.6.15-55-hppa32 - 2.6.15-55.84
linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.84
linux-image-2.6.15-55-hppa64 - 2.6.15-55.84
linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.84
linux-image-2.6.15-55-itanium - 2.6.15-55.84
linux-image-2.6.15-55-itanium-smp - 2.6.15-55.84
linux-image-2.6.15-55-k7 - 2.6.15-55.84
linux-image-2.6.15-55-mckinley - 2.6.15-55.84
linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.84
linux-image-2.6.15-55-powerpc - 2.6.15-55.84
linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.84
linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.84
linux-image-2.6.15-55-server - 2.6.15-55.84
linux-image-2.6.15-55-server-bigiron - 2.6.15-55.84
linux-image-2.6.15-55-sparc64 - 2.6.15-55.84
linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.84

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References