USN-966-1: Linux kernel vulnerabilities

4 August 2010

linux, linux-{source-2.6.15,ec2,mvl-dove,ti-omap} vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Multiple security flaws.

Software Description

  • linux - Linux kernel
  • linux-ec2 - Linux kernel for EC2
  • linux-mvl-dove - Linux kernel for MVL Dove
  • linux-ti-omap - Linux kernel for TI Omap
  • linux-source-2.6.15 - Linux kernel

Details

Junjiro R. Okajima discovered that knfsd did not correctly handle strict overcommit. A local attacker could exploit this to crash knfsd, leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS were affected.) (CVE-2008-7256, CVE-2010-1643)

Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did not correctly handle invalid parameters. A remote attacker could send specially crafted traffic that could crash the system, leading to a denial of service. (CVE-2010-1173)

Mario Mikocevic discovered that GFS2 did not correctly handle certain quota structures. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1436)

Toshiyuki Okajima discovered that the kernel keyring did not correctly handle dead keyrings. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1437)

Brad Spengler discovered that Sparc did not correctly implement non-executable stacks. This made userspace applications vulnerable to exploits that would have been otherwise blocked due to non-executable memory protections. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1451)

Dan Rosenberg discovered that the btrfs clone function did not correctly validate permissions. A local attacker could exploit this to read sensitive information, leading to a loss of privacy. (Only Ubuntu 9.10 was affected.) (CVE-2010-1636)

Dan Rosenberg discovered that GFS2 set_flags function did not correctly validate permissions. A local attacker could exploit this to gain access to files, leading to a loss of privacy and potential privilege escalation. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1641)

Shi Weihua discovered that btrfs xattr_set_acl function did not correctly validate permissions. A local attacker could exploit this to gain access to files, leading to a loss of privacy and potential privilege escalation. (Only Ubuntu 9.10 and 10.04 LTS were affected.) (CVE-2010-2071)

Andre Osterhues discovered that eCryptfs did not correctly calculate hash values. A local attacker with certain uids could exploit this to crash the system or potentially gain root privileges. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-2492)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
linux-image-2.6.32-207-dove - 2.6.32-207.21
linux-image-2.6.32-24-386 - 2.6.32-24.39
linux-image-2.6.32-24-generic - 2.6.32-24.39
linux-image-2.6.32-24-generic-pae - 2.6.32-24.39
linux-image-2.6.32-24-ia64 - 2.6.32-24.39
linux-image-2.6.32-24-lpia - 2.6.32-24.39
linux-image-2.6.32-24-powerpc - 2.6.32-24.39
linux-image-2.6.32-24-powerpc-smp - 2.6.32-24.39
linux-image-2.6.32-24-powerpc64-smp - 2.6.32-24.39
linux-image-2.6.32-24-preempt - 2.6.32-24.39
linux-image-2.6.32-24-server - 2.6.32-24.39
linux-image-2.6.32-24-sparc64 - 2.6.32-24.39
linux-image-2.6.32-24-sparc64-smp - 2.6.32-24.39
linux-image-2.6.32-24-versatile - 2.6.32-24.39
linux-image-2.6.32-24-virtual - 2.6.32-24.39
linux-image-2.6.32-308-ec2 - 2.6.32-308.14
linux-image-2.6.33-502-omap - 2.6.33-502.9
Ubuntu 9.10
linux-image-2.6.31-214-dove - 2.6.31-214.29
linux-image-2.6.31-214-dove-z0 - 2.6.31-214.29
linux-image-2.6.31-22-386 - 2.6.31-22.61
linux-image-2.6.31-22-generic - 2.6.31-22.61
linux-image-2.6.31-22-generic-pae - 2.6.31-22.61
linux-image-2.6.31-22-ia64 - 2.6.31-22.61
linux-image-2.6.31-22-lpia - 2.6.31-22.61
linux-image-2.6.31-22-powerpc - 2.6.31-22.61
linux-image-2.6.31-22-powerpc-smp - 2.6.31-22.61
linux-image-2.6.31-22-powerpc64-smp - 2.6.31-22.61
linux-image-2.6.31-22-server - 2.6.31-22.61
linux-image-2.6.31-22-sparc64 - 2.6.31-22.61
linux-image-2.6.31-22-sparc64-smp - 2.6.31-22.61
linux-image-2.6.31-22-virtual - 2.6.31-22.61
linux-image-2.6.31-307-ec2 - 2.6.31-307.16
Ubuntu 9.04
linux-image-2.6.28-19-generic - 2.6.28-19.62
linux-image-2.6.28-19-imx51 - 2.6.28-19.62
linux-image-2.6.28-19-iop32x - 2.6.28-19.62
linux-image-2.6.28-19-ixp4xx - 2.6.28-19.62
linux-image-2.6.28-19-lpia - 2.6.28-19.62
linux-image-2.6.28-19-server - 2.6.28-19.62
linux-image-2.6.28-19-versatile - 2.6.28-19.62
linux-image-2.6.28-19-virtual - 2.6.28-19.62
Ubuntu 8.04 LTS
linux-image-2.6.24-28-386 - 2.6.24-28.73
linux-image-2.6.24-28-generic - 2.6.24-28.73
linux-image-2.6.24-28-hppa32 - 2.6.24-28.73
linux-image-2.6.24-28-hppa64 - 2.6.24-28.73
linux-image-2.6.24-28-itanium - 2.6.24-28.73
linux-image-2.6.24-28-lpia - 2.6.24-28.73
linux-image-2.6.24-28-lpiacompat - 2.6.24-28.73
linux-image-2.6.24-28-mckinley - 2.6.24-28.73
linux-image-2.6.24-28-openvz - 2.6.24-28.73
linux-image-2.6.24-28-powerpc - 2.6.24-28.73
linux-image-2.6.24-28-powerpc-smp - 2.6.24-28.73
linux-image-2.6.24-28-powerpc64-smp - 2.6.24-28.73
linux-image-2.6.24-28-rt - 2.6.24-28.73
linux-image-2.6.24-28-server - 2.6.24-28.73
linux-image-2.6.24-28-sparc64 - 2.6.24-28.73
linux-image-2.6.24-28-sparc64-smp - 2.6.24-28.73
linux-image-2.6.24-28-virtual - 2.6.24-28.73
linux-image-2.6.24-28-xen - 2.6.24-28.73
Ubuntu 6.06 LTS
linux-image-2.6.15-55-386 - 2.6.15-55.86
linux-image-2.6.15-55-686 - 2.6.15-55.86
linux-image-2.6.15-55-amd64-generic - 2.6.15-55.86
linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.86
linux-image-2.6.15-55-amd64-server - 2.6.15-55.86
linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.86
linux-image-2.6.15-55-hppa32 - 2.6.15-55.86
linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.86
linux-image-2.6.15-55-hppa64 - 2.6.15-55.86
linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.86
linux-image-2.6.15-55-itanium - 2.6.15-55.86
linux-image-2.6.15-55-itanium-smp - 2.6.15-55.86
linux-image-2.6.15-55-k7 - 2.6.15-55.86
linux-image-2.6.15-55-mckinley - 2.6.15-55.86
linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.86
linux-image-2.6.15-55-powerpc - 2.6.15-55.86
linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.86
linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.86
linux-image-2.6.15-55-server - 2.6.15-55.86
linux-image-2.6.15-55-server-bigiron - 2.6.15-55.86
linux-image-2.6.15-55-sparc64 - 2.6.15-55.86
linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.86

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References