USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if setuid binaries were run under certain conditions.
This issue does not affect the i386 and powerpc platforms.
17 December 2004
A security issue affects these releases of Ubuntu and its derivatives:
USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if setuid binaries were run under certain conditions.
This issue does not affect the i386 and powerpc platforms.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon