[USN-95-1] Linux kernel vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 03/15/05

  • Next message: Thierry Carrez: "UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities"
    Date: Tue, 15 Mar 2005 15:12:28 +0100
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-95-1 March 15, 2005
    linux-source-2.6.8.1 vulnerabilities
    CAN-2005-0209, CAN-2005-0210, CAN-2005-0384, CAN-2005-0529,
    CAN-2005-0530, CAN-2005-0531, CAN-2005-0532, CAN-2005-0736
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    linux-image-2.6.8.1-5-386
    linux-image-2.6.8.1-5-686
    linux-image-2.6.8.1-5-686-smp
    linux-image-2.6.8.1-5-amd64-generic
    linux-image-2.6.8.1-5-amd64-k8
    linux-image-2.6.8.1-5-amd64-k8-smp
    linux-image-2.6.8.1-5-amd64-xeon
    linux-image-2.6.8.1-5-k7
    linux-image-2.6.8.1-5-k7-smp
    linux-image-2.6.8.1-5-power3
    linux-image-2.6.8.1-5-power3-smp
    linux-image-2.6.8.1-5-power4
    linux-image-2.6.8.1-5-power4-smp
    linux-image-2.6.8.1-5-powerpc
    linux-image-2.6.8.1-5-powerpc-smp
    linux-patch-debian-2.6.8.1

    The problem can be corrected by upgrading the affected package to
    version 2.6.8.1-16.12. You need to reboot the computer after doing a
    standard system upgrade to effect the necessary changes.

    Details follow:

    A remote Denial of Service vulnerability was discovered in the
    Netfilter IP packet handler. This allowed a remote attacker to crash
    the machine by sending specially crafted IP packet fragments.
    (CAN-2005-0209)

    The Netfilter code also contained a memory leak. Certain locally
    generated packet fragments are reassembled twice, which caused a
    double allocation of a data structure. This could be locally exploited
    to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)

    Ben Martel and Stephen Blackheath found a remote Denial of Service
    vulnerability in the PPP driver. This allowed a malicious pppd client
    to crash the server machine. (CAN-2005-0384)

    Georgi Guninski discovered a buffer overflow in the ATM driver. The
    atm_get_addr() function does not validate its arguments sufficiently,
    which could allow a local attacker to overwrite large portions of
    kernel memory by supplying a negative length argument. This could
    eventually lead to arbitrary code execution. (CAN-2005-0531)

    Georgi Guninski also discovered three other integer comparison
    problems in the TTY layer, in the /proc interface and the ReiserFS
    driver. However, the previous Ubuntu security update (kernel version
    2.6.8.1-16.11) already contained a patch which checks the arguments to
    these functions at a higher level and thus prevents these flaws from
    being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)

    Georgi Guninski discovered an integer overflow in the sys_epoll_wait()
    function which allowed local users to overwrite the first few kB of
    physical memory. However, very few applications actually use this
    space (dosemu is a notable exception), but potentially this could lead
    to privilege escalation. (CAN-2005-0736)

    Eric Anholt discovered a race condition in the Radeon DRI driver. In
    some cases this allowed a local user with DRI privileges on a Radeon
    card to execute arbitrary code with root privileges.

    Finally this update fixes a regression in the NFS server driver
    which was introduced in the previous security update (kernel version
    2.6.8.1-16.11). We apologize for the inconvenience.
    (https://bugzilla.ubuntulinux.org/show_bug.cgi?id=6749)

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12.diff.gz
          Size/MD5: 3138173 562c678c1db3839022a46fe6707b17a2
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12.dsc
          Size/MD5: 2121 ca9878e5a4300fb3d3ae973528826752
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
          Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84

      Architecture independent packages:

        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.12_all.deb
          Size/MD5: 6156398 8c909af9ca59a3ca9332e9b104550345
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.12_all.deb
          Size/MD5: 1494402 7a0837f2bf959a81c654c739adbd46e9
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12_all.deb
          Size/MD5: 36720352 05befe6c04d9327f92b49f8141220449
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.12_all.deb
          Size/MD5: 308034 147891a0041bcf9d210915a71914d6c0

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-generic_2.6.8.1-16.12_amd64.deb
          Size/MD5: 247896 7dd57b2064006690e2cdcad73ee68d45
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.12_amd64.deb
          Size/MD5: 243798 af368e29fd8253726f4d98fc61ae8e63
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
          Size/MD5: 246918 2f15a30e62829856a793e1750d1627ec
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-amd64-xeon_2.6.8.1-16.12_amd64.deb
          Size/MD5: 242064 095a0823406b09537441e3e57bc2ab6c
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.12_amd64.deb
          Size/MD5: 3178994 b3837998e2015412d6a23a1767ab1f11
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-generic_2.6.8.1-16.12_amd64.deb
          Size/MD5: 14352688 c5be7b5e81a224bbe32c96f8abb4612e
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8-smp_2.6.8.1-16.12_amd64.deb
          Size/MD5: 14828788 eb195f0cf157bfe5da0dc5b77b156c27
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-k8_2.6.8.1-16.12_amd64.deb
          Size/MD5: 14861436 b43ddb164a0a2cc8808d1262b8d5750d
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-amd64-xeon_2.6.8.1-16.12_amd64.deb
          Size/MD5: 14684670 3420b9272177aece4bde1a566e894cf2

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
          Size/MD5: 276950 3d9f318befd4cabacf059a85c06324c0
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
          Size/MD5: 271656 09e1b2b404a079852f81b4d7b6eae7bb
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
          Size/MD5: 274682 9f5ae2ee5d09e85f799eaf4ea3770615
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
          Size/MD5: 272144 67499c9bafe38440ee8f3f2b09b667e8
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
          Size/MD5: 274840 754e3a4030ee75d3362466832849acbd
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.12_i386.deb
          Size/MD5: 3219706 508896938223113ea1699aa4151b8766
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-386_2.6.8.1-16.12_i386.deb
          Size/MD5: 15495248 38b990d93eaba078db891bd7404c01e7
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686-smp_2.6.8.1-16.12_i386.deb
          Size/MD5: 16344242 89cb33e659438f4e34b68ba3c32106cd
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-686_2.6.8.1-16.12_i386.deb
          Size/MD5: 16512992 4147111c66724fa8691e4b16c356ce86
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7-smp_2.6.8.1-16.12_i386.deb
          Size/MD5: 16447442 663241c045b232b8b46ff9c5d5b2f973
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-k7_2.6.8.1-16.12_i386.deb
          Size/MD5: 16572538 8b8891f4526497e43eab0c173f179615

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3-smp_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 212792 cb39e28e0814976f2831528e20bf8deb
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 213482 5b469307ceb0839a5ca73e170bd4b5a9
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4-smp_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 212514 eec8a75e60edee4eb0784cc44b4c5991
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 213232 7dc2c5a6884dc3bb9e12cb15c2d86475
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc-smp_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 213112 71c2be933fe1cae5cf04a834af834b97
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5-powerpc_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 214548 72904d0d50787c36b097c11f480329ba
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-5_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 3297040 15f7b67ca420635504ba90d020cd5990
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3-smp_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 16366562 437904d293401104d04e879394be098e
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power3_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 15942190 1b71783b31ec56e29d09dfa8de844caa
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4-smp_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 16353764 8aefa48d5f7461db9ede5fd05da3c57a
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-power4_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 15924916 14f880d34cd8f1e232ec52a559f046af
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc-smp_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 16289024 1878256aaff9b8bbb003554590d359b3
        http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-5-powerpc_2.6.8.1-16.12_powerpc.deb
          Size/MD5: 15975818 8ba319a47d693a063cfae316aaf965e8

    
    



  • Next message: Thierry Carrez: "UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities"

    Relevant Pages

    • [Full-disclosure] [USN-95-1] Linux kernel vulnerabilities
      ... Ubuntu 4.10 ... The following packages are affected: ... Georgi Guninski discovered a buffer overflow in the ATM driver. ... the previous Ubuntu security update (kernel version ...
      (Full-Disclosure)
    • [Full-Disclosure] [USN-70-1] Perl DBI module vulnerability
      ... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... Javier Fernández-Sanguino Peña from the Debian Security Audit Project ...
      (Full-Disclosure)
    • [USN-70-1] Perl DBI module vulnerability
      ... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... Javier Fernández-Sanguino Peña from the Debian Security Audit Project ...
      (Full-Disclosure)
    • [USN-70-1] Perl DBI module vulnerability
      ... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... Javier Fernández-Sanguino Peña from the Debian Security Audit Project ...
      (Bugtraq)
    • Re: live cd has restricted drivers but the full install does not have
      ... I want to know any Ubuntu distribution take 9.04 I have used the Live ... CD of all of these has the properietary Broadcom STA driver. ... necessarily need to connect a lan wire and then install the wireless ... You can use the CD in the sources, the packages in the CD will be used to ...
      (Ubuntu)