USN-988-1: Linux kernel vulnerabilities

17 September 2010

linux, linux-source-2.6.15 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Local root privilege escalations.

Software Description

  • linux - Block storage devices (udeb)
  • linux-source-2.6.15 - ACPI support modules (udeb)

Details

Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64-bit kernels when allocating memory on behalf of 32-bit system calls. On a 64-bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges. (CVE-2010-3081)

Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64-bit kernels when performing 32-bit system calls. On a 64-bit system, a local attacker could manipulate 32-bit system calls to gain root privileges. (Ubuntu 6.06 LTS and 8.04 LTS were not affected.) (CVE-2010-3301)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
linux-image-2.6.32-24-386 - 2.6.32-24.43
linux-image-2.6.32-24-386-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-generic - 2.6.32-24.43
linux-image-2.6.32-24-generic-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-generic-pae - 2.6.32-24.43
linux-image-2.6.32-24-generic-pae-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-ia64 - 2.6.32-24.43
linux-image-2.6.32-24-ia64-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-lpia - 2.6.32-24.43
linux-image-2.6.32-24-lpia-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-powerpc - 2.6.32-24.43
linux-image-2.6.32-24-powerpc-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-powerpc-smp - 2.6.32-24.43
linux-image-2.6.32-24-powerpc-smp-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-powerpc64-smp - 2.6.32-24.43
linux-image-2.6.32-24-powerpc64-smp-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-preempt - 2.6.32-24.43
linux-image-2.6.32-24-preempt-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-server - 2.6.32-24.43
linux-image-2.6.32-24-server-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-sparc64 - 2.6.32-24.43
linux-image-2.6.32-24-sparc64-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-sparc64-smp - 2.6.32-24.43
linux-image-2.6.32-24-sparc64-smp-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-versatile - 2.6.32-24.43
linux-image-2.6.32-24-versatile-dbgsym - 2.6.32-24.43
linux-image-2.6.32-24-virtual - 2.6.32-24.43

Ubuntu 9.10
linux-image-2.6.31-22-386 - 2.6.31-22.65
linux-image-2.6.31-22-generic - 2.6.31-22.65
linux-image-2.6.31-22-generic-pae - 2.6.31-22.65
linux-image-2.6.31-22-ia64 - 2.6.31-22.65
linux-image-2.6.31-22-lpia - 2.6.31-22.65
linux-image-2.6.31-22-powerpc - 2.6.31-22.65
linux-image-2.6.31-22-powerpc-smp - 2.6.31-22.65
linux-image-2.6.31-22-powerpc64-smp - 2.6.31-22.65
linux-image-2.6.31-22-server - 2.6.31-22.65
linux-image-2.6.31-22-sparc64 - 2.6.31-22.65
linux-image-2.6.31-22-sparc64-smp - 2.6.31-22.65
linux-image-2.6.31-22-virtual - 2.6.31-22.65

Ubuntu 9.04
linux-image-2.6.28-19-generic - 2.6.28-19.65
linux-image-2.6.28-19-imx51 - 2.6.28-19.65
linux-image-2.6.28-19-iop32x - 2.6.28-19.65
linux-image-2.6.28-19-ixp4xx - 2.6.28-19.65
linux-image-2.6.28-19-lpia - 2.6.28-19.65
linux-image-2.6.28-19-server - 2.6.28-19.65
linux-image-2.6.28-19-versatile - 2.6.28-19.65
linux-image-2.6.28-19-virtual - 2.6.28-19.65

Ubuntu 8.04 LTS
linux-image-2.6.24-28-386 - 2.6.24-28.79
linux-image-2.6.24-28-generic - 2.6.24-28.79
linux-image-2.6.24-28-hppa32 - 2.6.24-28.79
linux-image-2.6.24-28-hppa64 - 2.6.24-28.79
linux-image-2.6.24-28-itanium - 2.6.24-28.79
linux-image-2.6.24-28-lpia - 2.6.24-28.79
linux-image-2.6.24-28-lpiacompat - 2.6.24-28.79
linux-image-2.6.24-28-mckinley - 2.6.24-28.79
linux-image-2.6.24-28-openvz - 2.6.24-28.79
linux-image-2.6.24-28-powerpc - 2.6.24-28.79
linux-image-2.6.24-28-powerpc-smp - 2.6.24-28.79
linux-image-2.6.24-28-powerpc64-smp - 2.6.24-28.79
linux-image-2.6.24-28-rt - 2.6.24-28.79
linux-image-2.6.24-28-server - 2.6.24-28.79
linux-image-2.6.24-28-sparc64 - 2.6.24-28.79
linux-image-2.6.24-28-sparc64-smp - 2.6.24-28.79
linux-image-2.6.24-28-virtual - 2.6.24-28.79
linux-image-2.6.24-28-xen - 2.6.24-28.79

Ubuntu 6.06 LTS
linux-image-2.6.15-55-386 - 2.6.15-55.88
linux-image-2.6.15-55-686 - 2.6.15-55.88
linux-image-2.6.15-55-amd64-generic - 2.6.15-55.88
linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.88
linux-image-2.6.15-55-amd64-server - 2.6.15-55.88
linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.88
linux-image-2.6.15-55-hppa32 - 2.6.15-55.88
linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.88
linux-image-2.6.15-55-hppa64 - 2.6.15-55.88
linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.88
linux-image-2.6.15-55-itanium - 2.6.15-55.88
linux-image-2.6.15-55-itanium-smp - 2.6.15-55.88
linux-image-2.6.15-55-k7 - 2.6.15-55.88
linux-image-2.6.15-55-mckinley - 2.6.15-55.88
linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.88
linux-image-2.6.15-55-powerpc - 2.6.15-55.88
linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.88
linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.88
linux-image-2.6.15-55-server - 2.6.15-55.88
linux-image-2.6.15-55-server-bigiron - 2.6.15-55.88
linux-image-2.6.15-55-sparc64 - 2.6.15-55.88
linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.88

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.
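
Because the fix only takes effect after the reboot, it is worth checking the kernel that is actually running rather than the installed package. The script below is an added example, not part of the original notice: it compares the running kernel's package version with the fixed versions listed above. It assumes the kernel exposes /proc/version_signature in the form "Ubuntu <package-version>-<flavour> ..."; the function names and the sample signature are constructed for illustration.

```shell
#!/bin/sh
# Fixed package versions from the USN-988-1 table, keyed by upstream base version.
fixed_version() {
    case "$1" in
        2.6.32) echo 2.6.32-24.43 ;;   # Ubuntu 10.04 LTS
        2.6.31) echo 2.6.31-22.65 ;;   # Ubuntu 9.10
        2.6.28) echo 2.6.28-19.65 ;;   # Ubuntu 9.04
        2.6.24) echo 2.6.24-28.79 ;;   # Ubuntu 8.04 LTS
        2.6.15) echo 2.6.15-55.88 ;;   # Ubuntu 6.06 LTS
        *) return 1 ;;                 # kernel series not covered by this notice
    esac
}

# True when version $1 >= version $2. Uses dpkg where available; otherwise
# falls back to GNU sort -V, which orders these purely numeric versions the same way.
ver_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
    fi
}

# Print "patched", "vulnerable" or "unknown" for a version_signature line.
# uname -r is not enough here: it reports only the ABI (2.6.32-24), not the
# upload number (.43) that distinguishes the fixed build.
usn988_status() {
    sig_field=$(printf '%s\n' "$1" | awk '{print $2}')
    # Keep "<upstream>-<abi>.<upload>", drop the flavour suffix (e.g. -generic-pae).
    running=$(printf '%s\n' "$sig_field" | sed -n 's/^\([0-9.]*-[0-9.]*\).*/\1/p')
    fixed=$(fixed_version "${running%%-*}") || { echo unknown; return 0; }
    if ver_ge "$running" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Use the live signature when present, else a constructed sample (pre-fix 10.04 kernel).
sig=$(cat /proc/version_signature 2>/dev/null) || sig="Ubuntu 2.6.32-24.42-generic 2.6.32.15+drm33.5"
echo "running kernel: $(usn988_status "$sig")"
```

A result of "vulnerable" on a host where the fixed linux-image package is already installed means the reboot is still pending.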