linux vulnerability

11 December 2012

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 8.04 LTS

Summary

The system’s firewall could be bypassed by a remote attacker.

Software Description

• linux - Linux kernel

Details

Zhang Zuotao discovered a bug in the Linux kernel’s handling of overlapping fragments in ipv6. A remote attacker could exploit this flaw to bypass firewalls and initial new network connections that should have been blocked by the firewall.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04 LTS

linux-image-2.6.24-32-386 - 2.6.24-32.107

linux-image-2.6.24-32-generic - 2.6.24-32.107

linux-image-2.6.24-32-hppa32 - 2.6.24-32.107

linux-image-2.6.24-32-hppa64 - 2.6.24-32.107

linux-image-2.6.24-32-itanium - 2.6.24-32.107

linux-image-2.6.24-32-lpia - 2.6.24-32.107

linux-image-2.6.24-32-lpiacompat - 2.6.24-32.107

linux-image-2.6.24-32-mckinley - 2.6.24-32.107

linux-image-2.6.24-32-openvz - 2.6.24-32.107

linux-image-2.6.24-32-powerpc - 2.6.24-32.107

linux-image-2.6.24-32-powerpc-smp - 2.6.24-32.107

linux-image-2.6.24-32-powerpc64-smp - 2.6.24-32.107

linux-image-2.6.24-32-rt - 2.6.24-32.107

linux-image-2.6.24-32-server - 2.6.24-32.107

linux-image-2.6.24-32-sparc64 - 2.6.24-32.107

linux-image-2.6.24-32-sparc64-smp - 2.6.24-32.107

linux-image-2.6.24-32-virtual - 2.6.24-32.107

linux-image-2.6.24-32-xen - 2.6.24-32.107

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

• CVE-2012-4444