4 August 2010
linux, linux-{source-2.6.15,ec2,mvl-dove,ti-omap} vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary
Multiple security flaws.
Software Description
- linux - Linux kernel
- linux-ec2 - Linux kernel for EC2
- linux-mvl-dove - Linux kernel for MVL Dove
- linux-ti-omap - Linux kernel for TI Omap
- linux-source-2.6.15 - Linux kernel
Details
Junjiro R. Okajima discovered that knfsd did not correctly handle
strict overcommit. A local attacker could exploit this to crash knfsd,
leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS were
affected.) (CVE-2008-7256, CVE-2010-1643)
Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did
not correctly handle invalid parameters. A remote attacker could send
specially crafted traffic that could crash the system, leading to a
denial of service. (CVE-2010-1173)
Mario Mikocevic discovered that GFS2 did not correctly handle certain
quota structures. A local attacker could exploit this to crash the
system, leading to a denial of service. (Ubuntu 6.06 LTS was not
affected.) (CVE-2010-1436)
Toshiyuki Okajima discovered that the kernel keyring did not correctly
handle dead keyrings. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-1437)
Brad Spengler discovered that Sparc did not correctly implement
non-executable stacks. This made userspace applications vulnerable to
exploits that would have been otherwise blocked due to non-executable
memory protections. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1451)
Dan Rosenberg discovered that the btrfs clone function did not correctly
validate permissions. A local attacker could exploit this to read
sensitive information, leading to a loss of privacy. (Only Ubuntu 9.10
was affected.) (CVE-2010-1636)
Dan Rosenberg discovered that the GFS2 set_flags function did not correctly
validate permissions. A local attacker could exploit this to gain
access to files, leading to a loss of privacy and potential privilege
escalation. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1641)
Shi Weihua discovered that the btrfs xattr_set_acl function did not
correctly validate permissions. A local attacker could exploit
this to gain access to files, leading to a loss of privacy and
potential privilege escalation. (Only Ubuntu 9.10 and 10.04 LTS were
affected.) (CVE-2010-2071)
Andre Osterhues discovered that eCryptfs did not correctly calculate
hash values. A local attacker with certain uids could exploit this to
crash the system or potentially gain root privileges. (Ubuntu 6.06 LTS
was not affected.) (CVE-2010-2492)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS:
- linux-image-2.6.32-207-dove - 2.6.32-207.21
- linux-image-2.6.32-24-386 - 2.6.32-24.39
- linux-image-2.6.32-24-generic - 2.6.32-24.39
- linux-image-2.6.32-24-generic-pae - 2.6.32-24.39
- linux-image-2.6.32-24-ia64 - 2.6.32-24.39
- linux-image-2.6.32-24-lpia - 2.6.32-24.39
- linux-image-2.6.32-24-powerpc - 2.6.32-24.39
- linux-image-2.6.32-24-powerpc-smp - 2.6.32-24.39
- linux-image-2.6.32-24-powerpc64-smp - 2.6.32-24.39
- linux-image-2.6.32-24-preempt - 2.6.32-24.39
- linux-image-2.6.32-24-server - 2.6.32-24.39
- linux-image-2.6.32-24-sparc64 - 2.6.32-24.39
- linux-image-2.6.32-24-sparc64-smp - 2.6.32-24.39
- linux-image-2.6.32-24-versatile - 2.6.32-24.39
- linux-image-2.6.32-24-virtual - 2.6.32-24.39
- linux-image-2.6.32-308-ec2 - 2.6.32-308.14
- linux-image-2.6.33-502-omap - 2.6.33-502.9
Ubuntu 9.10:
- linux-image-2.6.31-214-dove - 2.6.31-214.29
- linux-image-2.6.31-214-dove-z0 - 2.6.31-214.29
- linux-image-2.6.31-22-386 - 2.6.31-22.61
- linux-image-2.6.31-22-generic - 2.6.31-22.61
- linux-image-2.6.31-22-generic-pae - 2.6.31-22.61
- linux-image-2.6.31-22-ia64 - 2.6.31-22.61
- linux-image-2.6.31-22-lpia - 2.6.31-22.61
- linux-image-2.6.31-22-powerpc - 2.6.31-22.61
- linux-image-2.6.31-22-powerpc-smp - 2.6.31-22.61
- linux-image-2.6.31-22-powerpc64-smp - 2.6.31-22.61
- linux-image-2.6.31-22-server - 2.6.31-22.61
- linux-image-2.6.31-22-sparc64 - 2.6.31-22.61
- linux-image-2.6.31-22-sparc64-smp - 2.6.31-22.61
- linux-image-2.6.31-22-virtual - 2.6.31-22.61
- linux-image-2.6.31-307-ec2 - 2.6.31-307.16
Ubuntu 9.04:
- linux-image-2.6.28-19-generic - 2.6.28-19.62
- linux-image-2.6.28-19-imx51 - 2.6.28-19.62
- linux-image-2.6.28-19-iop32x - 2.6.28-19.62
- linux-image-2.6.28-19-ixp4xx - 2.6.28-19.62
- linux-image-2.6.28-19-lpia - 2.6.28-19.62
- linux-image-2.6.28-19-server - 2.6.28-19.62
- linux-image-2.6.28-19-versatile - 2.6.28-19.62
- linux-image-2.6.28-19-virtual - 2.6.28-19.62
Ubuntu 8.04 LTS:
- linux-image-2.6.24-28-386 - 2.6.24-28.73
- linux-image-2.6.24-28-generic - 2.6.24-28.73
- linux-image-2.6.24-28-hppa32 - 2.6.24-28.73
- linux-image-2.6.24-28-hppa64 - 2.6.24-28.73
- linux-image-2.6.24-28-itanium - 2.6.24-28.73
- linux-image-2.6.24-28-lpia - 2.6.24-28.73
- linux-image-2.6.24-28-lpiacompat - 2.6.24-28.73
- linux-image-2.6.24-28-mckinley - 2.6.24-28.73
- linux-image-2.6.24-28-openvz - 2.6.24-28.73
- linux-image-2.6.24-28-powerpc - 2.6.24-28.73
- linux-image-2.6.24-28-powerpc-smp - 2.6.24-28.73
- linux-image-2.6.24-28-powerpc64-smp - 2.6.24-28.73
- linux-image-2.6.24-28-rt - 2.6.24-28.73
- linux-image-2.6.24-28-server - 2.6.24-28.73
- linux-image-2.6.24-28-sparc64 - 2.6.24-28.73
- linux-image-2.6.24-28-sparc64-smp - 2.6.24-28.73
- linux-image-2.6.24-28-virtual - 2.6.24-28.73
- linux-image-2.6.24-28-xen - 2.6.24-28.73
Ubuntu 6.06 LTS:
- linux-image-2.6.15-55-386 - 2.6.15-55.86
- linux-image-2.6.15-55-686 - 2.6.15-55.86
- linux-image-2.6.15-55-amd64-generic - 2.6.15-55.86
- linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.86
- linux-image-2.6.15-55-amd64-server - 2.6.15-55.86
- linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.86
- linux-image-2.6.15-55-hppa32 - 2.6.15-55.86
- linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.86
- linux-image-2.6.15-55-hppa64 - 2.6.15-55.86
- linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.86
- linux-image-2.6.15-55-itanium - 2.6.15-55.86
- linux-image-2.6.15-55-itanium-smp - 2.6.15-55.86
- linux-image-2.6.15-55-k7 - 2.6.15-55.86
- linux-image-2.6.15-55-mckinley - 2.6.15-55.86
- linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.86
- linux-image-2.6.15-55-powerpc - 2.6.15-55.86
- linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.86
- linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.86
- linux-image-2.6.15-55-server - 2.6.15-55.86
- linux-image-2.6.15-55-server-bigiron - 2.6.15-55.86
- linux-image-2.6.15-55-sparc64 - 2.6.15-55.86
- linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.86
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
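To confirm both the update and the reboot took effect, the following added example (not part of the original notice or of Ubuntu's tooling) compares installed kernel packages and the running kernel against the fixed versions listed above. It assumes input in the form printed by `dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-*'` and the contents of `/proc/version_signature` where the kernel provides it; the sample data and the function names are constructed for illustration.

```python
import re

# Fixed versions from the package list above, keyed by (upstream, special flavour).
FIXED = {
    ("2.6.32", "dove"): "2.6.32-207.21", ("2.6.32", "ec2"): "2.6.32-308.14",
    ("2.6.32", ""): "2.6.32-24.39", ("2.6.33", "omap"): "2.6.33-502.9",
    ("2.6.31", "dove"): "2.6.31-214.29", ("2.6.31", "ec2"): "2.6.31-307.16",
    ("2.6.31", ""): "2.6.31-22.61", ("2.6.28", ""): "2.6.28-19.62",
    ("2.6.24", ""): "2.6.24-28.73", ("2.6.15", ""): "2.6.15-55.86",
}

# Constructed sample: fixed package installed, old kernel still present and still running.
SAMPLE_DPKG = ("linux-image-2.6.32-21-generic 2.6.32-21.32\n"
               "linux-image-2.6.32-24-generic 2.6.32-24.39\n"
               "linux-image-generic 2.6.32.24.25\n")
SAMPLE_SIG = "Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2"

def vkey(version):
    """Numeric sort key; enough for these digits-only versions, not full dpkg ordering."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def fixed_for(upstream, flavour):
    """Fixed version for a kernel, or None if this notice does not cover it."""
    special = next((s for s in ("dove", "ec2", "omap") if flavour.startswith(s)), "")
    return FIXED.get((upstream, special))

def audit(dpkg_lines, version_signature):
    """Return (packages below the fixed version, True if the running kernel is unfixed)."""
    outdated = []
    for line in dpkg_lines.splitlines():
        m = re.match(r"linux-image-(\d+\.\d+\.\d+)-\d+-(\S+)\s+(\S+)$", line.strip())
        if not m:
            continue  # meta-packages such as linux-image-generic, unrelated lines
        upstream, flavour, installed = m.groups()
        fixed = fixed_for(upstream, flavour)
        if fixed and vkey(installed) < vkey(fixed):
            outdated.append((line.split()[0], installed, fixed))
    # Assumed signature format: "Ubuntu <upstream>-<abi>.<upload>-<flavour> <mainline>"
    m = re.match(r"Ubuntu (\d+\.\d+\.\d+)-(\d+\.\d+)-(\S+)", version_signature)
    if not m:
        return outdated, False
    fixed = fixed_for(m.group(1), m.group(3))
    running = f"{m.group(1)}-{m.group(2)}"
    return outdated, bool(fixed) and vkey(running) < vkey(fixed)

if __name__ == "__main__":
    print(audit(SAMPLE_DPKG, SAMPLE_SIG))
```

Older kernel packages stay installed and bootable after the update, so they appear in the first list until they are removed.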