USN-470-1: Linux kernel vulnerabilities

Releases

• Ubuntu 7.04

Details

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some
additional code changes were accidentally included in the Feisty update
which caused trouble for some people who were not using UUID-based
filesystem mounts. These changes have been reverted. We apologize for
the inconvenience. For more information see:
https://launchpad.net/bugs/117314
https://wiki.myasnchisdf.eu.org/UsingUUID

Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)

The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04

• linux-image-2.6.20-16-386 - 2.6.20-16.29
• linux-image-2.6.20-16-powerpc - 2.6.20-16.29
• linux-image-2.6.20-16-server - 2.6.20-16.29
• linux-image-2.6.20-16-mckinley - 2.6.20-16.29
• linux-image-2.6.20-16-sparc64-smp - 2.6.20-16.29
• linux-image-2.6.20-16-hppa32 - 2.6.20-16.29
• linux-image-2.6.20-16-powerpc64-smp - 2.6.20-16.29
• linux-image-2.6.20-16-itanium - 2.6.20-16.29
• linux-image-2.6.20-16-powerpc-smp - 2.6.20-16.29
• linux-image-2.6.20-16-generic - 2.6.20-16.29
• linux-image-2.6.20-16-sparc64 - 2.6.20-16.29
• linux-image-2.6.20-16-hppa64 - 2.6.20-16.29
• linux-image-2.6.20-16-lowlatency - 2.6.20-16.29
• linux-image-2.6.20-16-server-bigiron - 2.6.20-16.29

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

• CVE-2007-2453
• CVE-2007-2451
• CVE-2007-1353

Related notices

• USN-489-1: linux-image-2.6.15-28-mckinley, linux-image-2.6.15-28-sparc64, linux-image-2.6.15-28-386, linux-image-2.6.15-28-mckinley-smp, linux-image-2.6.15-28-amd64-server, linux-image-2.6.15-28-686, linux-image-2.6.15-28-amd64-k8, linux-image-2.6.15-28-server, linux-image-2.6.15-28-server-bigiron, linux-image-2.6.15-28-powerpc-smp, linux-image-2.6.15-28-amd64-generic, linux-image-2.6.15-28-amd64-xeon, linux-image-2.6.15-28-sparc64-smp, linux-image-2.6.15-28-powerpc64-smp, linux-image-2.6.15-28-powerpc, linux-image-2.6.15-28-k7
• USN-486-1: linux-image-2.6.17-12-sparc64-smp, linux-image-2.6.17-12-powerpc-smp, linux-image-2.6.17-12-powerpc, linux-image-2.6.17-12-generic, linux-image-2.6.17-12-mckinley, linux-image-2.6.17-12-386, linux-image-2.6.17-12-server-bigiron, linux-image-2.6.17-12-server, linux-image-2.6.17-12-itanium, linux-image-2.6.17-12-powerpc64-smp, linux-image-2.6.17-12-hppa64, linux-image-2.6.17-12-sparc64, linux-image-2.6.17-12-hppa32