USN-793-1: Linux kernel vulnerabilities

Publication date

2 July 2009

Overview

Linux kernel vulnerabilities


Packages

Details

Igor Zhbanov discovered that NFS clients were able to create device nodes
even when root_squash was enabled. An authenticated remote attacker
could create device nodes with open permissions, leading to a loss of
privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1072)

Dan Carpenter discovered that SELinux did not correctly handle
certain network checks when running with compat_net=1. A local
attacker could exploit this to bypass network checks. Default Ubuntu
installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1184)

Shaohua Li discovered that memory was not correctly initialized in the
AGP subsystem. A local attacker could potentially read kernel memory,
leading to a loss of privacy. (CVE-2009-1192)

Benjamin Gilbert discovered...

Igor Zhbanov discovered that NFS clients were able to create device nodes
even when root_squash was enabled. An authenticated remote attacker
could create device nodes with open permissions, leading to a loss of
privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1072)

Dan Carpenter discovered that SELinux did not correctly handle
certain network checks when running with compat_net=1. A local
attacker could exploit this to bypass network checks. Default Ubuntu
installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1184)

Shaohua Li discovered that memory was not correctly initialized in the
AGP subsystem. A local attacker could potentially read kernel memory,
leading to a loss of privacy. (CVE-2009-1192)

Benjamin Gilbert discovered that the VMX implementation of KVM did
not correctly handle certain registers. An attacker in a guest VM
could exploit this to cause a host system crash, leading to a denial
of service. This only affected 32bit hosts. Ubuntu 6.06 was not
affected. (CVE-2009-1242)

Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocol
did not correctly validate certain fields. A remote attacker could exploit
this to read kernel memory, leading to a loss of privacy. (CVE-2009-1265)

Trond Myklebust discovered that NFS did not correctly handle certain
long filenames. An authenticated remote attacker could exploit this to
cause a system crash, leading to a denial of service. Only Ubuntu 6.06
was affected. (CVE-2009-1336)

Oleg Nesterov discovered that the kernel did not correctly handle
CAP_KILL. A local user could exploit this to send signals to arbitrary
processes, leading to a denial of service. (CVE-2009-1337)

Daniel Hokka Zakrisson discovered that signal handling was not correctly
limited to process namespaces. A local user could bypass namespace
restrictions, possibly leading to a denial of service. Only Ubuntu 8.04
was affected. (CVE-2009-1338)

Pavel Emelyanov discovered that network namespace support for IPv6 was
not correctly handled. A remote attacker could send specially crafted
IPv6 traffic that would cause a system crash, leading to a denial of
service. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360)

Neil Horman discovered that the e1000 network driver did not correctly
validate certain fields. A remote attacker could send a specially
crafted packet that would cause a system crash, leading to a denial of
service. (CVE-2009-1385)

Pavan Naregundi discovered that CIFS did not correctly check lengths
when handling certain mount requests. A remote attacker could send
specially crafted traffic to cause a system crash, leading to a denial
of service. (CVE-2009-1439)

Simon Vallet and Frank Filz discovered that execute permissions were
not correctly handled by NFSv4. A local user could bypass permissions
and run restricted programs, possibly leading to an escalation of
privileges. (CVE-2009-1630)

Jeff Layton and Suresh Jayaraman discovered buffer overflows in the CIFS
client code. A malicious remote server could exploit this to cause a
system crash or execute arbitrary code as root. (CVE-2009-1633)

Mikulas Patocka discovered that /proc/iomem was not correctly
initialized on Sparc. A local attacker could use this file to crash
the system, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-1914)

Miklos Szeredi discovered that OCFS2 did not correctly handle certain
splice operations. A local attacker could exploit this to cause
a system hang, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-1961)


Update instructions

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change for Ubuntu 8.04, 8.10 and 9.04 the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
9.04 jaunty linux-image-2.6.28-13-iop32x –  2.6.28-13.45
linux-image-2.6.28-13-generic –  2.6.28-13.45
linux-image-2.6.28-13-ixp4xx –  2.6.28-13.45
linux-image-2.6.28-13-imx51 –  2.6.28-13.45
linux-image-2.6.28-13-lpia –  2.6.28-13.45
linux-image-2.6.28-13-versatile –  2.6.28-13.45
linux-image-2.6.28-13-virtual –  2.6.28-13.45
linux-image-2.6.28-13-server –  2.6.28-13.45
8.10 intrepid linux-image-2.6.27-14-generic –  2.6.27-14.35
linux-image-2.6.27-14-server –  2.6.27-14.35
linux-image-2.6.27-14-virtual –  2.6.27-14.35
8.04 hardy linux-image-2.6.24-24-sparc64 –  2.6.24-24.55
linux-image-2.6.24-24-server –  2.6.24-24.55
linux-image-2.6.24-24-itanium –  2.6.24-24.55
linux-image-2.6.24-24-lpiacompat –  2.6.24-24.55
linux-image-2.6.24-24-hppa64 –  2.6.24-24.55
linux-image-2.6.24-24-virtual –  2.6.24-24.55
linux-image-2.6.24-24-powerpc64-smp –  2.6.24-24.55
linux-image-2.6.24-24-386 –  2.6.24-24.55
linux-image-2.6.24-24-generic –  2.6.24-24.55
linux-image-2.6.24-24-xen –  2.6.24-24.55
linux-image-2.6.24-24-powerpc-smp –  2.6.24-24.55
linux-image-2.6.24-24-rt –  2.6.24-24.55
linux-image-2.6.24-24-hppa32 –  2.6.24-24.55
linux-image-2.6.24-24-lpia –  2.6.24-24.55
linux-image-2.6.24-24-mckinley –  2.6.24-24.55
linux-image-2.6.24-24-sparc64-smp –  2.6.24-24.55
linux-image-2.6.24-24-powerpc –  2.6.24-24.55
linux-image-2.6.24-24-openvz –  2.6.24-24.55
6.06 dapper linux-image-2.6.15-54-hppa64 –  2.6.15-54.77
linux-image-2.6.15-54-hppa32-smp –  2.6.15-54.77
linux-image-2.6.15-54-server-bigiron –  2.6.15-54.77
linux-image-2.6.15-54-amd64-generic –  2.6.15-54.77
linux-image-2.6.15-54-itanium –  2.6.15-54.77
linux-image-2.6.15-54-k7 –  2.6.15-54.77
linux-image-2.6.15-54-powerpc-smp –  2.6.15-54.77
linux-image-2.6.15-54-server –  2.6.15-54.77
linux-image-2.6.15-54-amd64-server –  2.6.15-54.77
linux-image-2.6.15-54-sparc64-smp –  2.6.15-54.77
linux-image-2.6.15-54-sparc64 –  2.6.15-54.77
linux-image-2.6.15-54-mckinley-smp –  2.6.15-54.77
linux-image-2.6.15-54-amd64-k8 –  2.6.15-54.77
linux-image-2.6.15-54-386 –  2.6.15-54.77
linux-image-2.6.15-54-mckinley –  2.6.15-54.77
linux-image-2.6.15-54-hppa32 –  2.6.15-54.77
linux-image-2.6.15-54-amd64-xeon –  2.6.15-54.77
linux-image-2.6.15-54-powerpc –  2.6.15-54.77
linux-image-2.6.15-54-powerpc64-smp –  2.6.15-54.77
linux-image-2.6.15-54-itanium-smp –  2.6.15-54.77
linux-image-2.6.15-54-686 –  2.6.15-54.77
linux-image-2.6.15-54-hppa64-smp –  2.6.15-54.77

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›