USN-578-1: Linux kernel vulnerabilities

Releases

• Ubuntu 6.06

Packages

• linux-source-2.6.15 -

Details

The minix filesystem did not properly validate certain filesystem
values. If a local attacker could trick the system into attempting
to mount a corrupted minix filesystem, the kernel could be made to
hang for long periods of time, resulting in a denial of service.
(CVE-2006-6058)

Alexander Schulze discovered that the skge driver does not properly
use the spin_lock and spin_unlock functions. Remote attackers could
exploit this by sending a flood of network traffic and cause a denial
of service (crash). (CVE-2006-7229)

Hugh Dickins discovered that hugetlbfs performed certain prio_tree
calculations using HPAGE_SIZE instead of PAGE_SIZE. A local user
could exploit this and cause a denial of service via kernel panic.
(CVE-2007-4133)

Chris Evans discovered an issue with certain drivers that use the
ieee80211_rx function. Remote attackers could send a crafted 802.11
frame and cause a denial of service via crash. (CVE-2007-4997)

Alex Smith discovered an issue with the pwc driver for certain webcam
devices. A local user with physical access to the system could remove
the device while a userspace application had it open and cause the USB
subsystem to block. (CVE-2007-5093)

Scott James Remnant discovered a coding error in ptrace. Local users
could exploit this and cause the kernel to enter an infinite loop.
(CVE-2007-5500)

Venustech AD-LAB discovered a buffer overflow in the isdn net
subsystem. This issue is exploitable by local users via crafted input
to the isdn_ioctl function. (CVE-2007-6063)

It was discovered that the isdn subsystem did not properly check for
NULL termination when performing ioctl handling. A local user could
exploit this to cause a denial of service. (CVE-2007-6151)

Blake Frantz discovered that when a root process overwrote an existing
core file, the resulting core file retained the previous core file's
ownership. Local users could exploit this to gain access to sensitive
information. (CVE-2007-6206)

Hugh Dickins discovered the when using the tmpfs filesystem, under
rare circumstances, a kernel page may be improperly cleared. A local
user may be able to exploit this and read sensitive kernel data or
cause a denial of service via crash. (CVE-2007-6417)

Bill Roman discovered that the VFS subsystem did not properly check
access modes. A local user may be able to gain removal privileges
on directories. (CVE-2008-0001)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06

• linux-image-2.6.15-51-amd64-k8 - 2.6.15-51.66
• linux-image-2.6.15-51-mckinley-smp - 2.6.15-51.66
• linux-image-2.6.15-51-mckinley - 2.6.15-51.66
• linux-image-2.6.15-51-server-bigiron - 2.6.15-51.66
• linux-image-2.6.15-51-386 - 2.6.15-51.66
• linux-image-2.6.15-51-686 - 2.6.15-51.66
• linux-image-2.6.15-51-sparc64 - 2.6.15-51.66
• linux-image-2.6.15-51-amd64-generic - 2.6.15-51.66
• linux-image-2.6.15-51-hppa64-smp - 2.6.15-51.66
• linux-image-2.6.15-51-itanium - 2.6.15-51.66
• linux-image-2.6.15-51-hppa64 - 2.6.15-51.66
• linux-image-2.6.15-51-sparc64-smp - 2.6.15-51.66
• linux-image-2.6.15-51-k7 - 2.6.15-51.66
• linux-image-2.6.15-51-itanium-smp - 2.6.15-51.66
• linux-image-2.6.15-51-server - 2.6.15-51.66
• linux-image-2.6.15-51-hppa32-smp - 2.6.15-51.66
• linux-image-2.6.15-51-powerpc - 2.6.15-51.66
• linux-image-2.6.15-51-amd64-server - 2.6.15-51.66
• linux-image-2.6.15-51-powerpc64-smp - 2.6.15-51.66
• linux-image-2.6.15-51-amd64-xeon - 2.6.15-51.66
• linux-image-2.6.15-51-powerpc-smp - 2.6.15-51.66
• linux-image-2.6.15-51-hppa32 - 2.6.15-51.66

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-386,
linux-powerpc, linux-amd64-generic), a standard system upgrade will
automatically perform this as well.

References

• CVE-2006-7229
• CVE-2006-6058
• CVE-2007-4133
• CVE-2007-4997
• CVE-2007-5093
• CVE-2007-5500
• CVE-2007-6063
• CVE-2007-6151
• CVE-2007-6206
• CVE-2007-6417
• CVE-2008-0001

Related notices

• USN-574-1: linux-image-2.6.17-12-itanium, linux-image-2.6.22-14-sparc64-smp, linux-image-2.6.20-16-hppa64, linux-image-2.6.20-16-powerpc, linux-image-2.6.20-16-server-bigiron, linux-image-2.6.22-14-powerpc64-smp, linux-image-2.6.22-14-386, linux-image-2.6.17-12-mckinley, linux-image-2.6.17-12-sparc64-smp, linux-image-2.6.22-14-sparc64, linux-image-2.6.22-14-hppa64, linux-image-2.6.17-12-sparc64, linux-image-2.6.20-16-386, linux-image-2.6.22-14-server, linux-source-2.6.20, linux-image-2.6.22-14-ume, linux-image-2.6.22-14-cell, linux-image-2.6.17-12-386, linux-image-2.6.22-14-generic, linux-image-2.6.22-14-hppa32, linux-image-2.6.22-14-powerpc-smp, linux-image-2.6.20-16-powerpc64-smp, linux-image-2.6.20-16-generic, linux-image-2.6.20-16-sparc64-smp, linux-image-2.6.22-14-itanium, linux-image-2.6.20-16-lowlatency, linux-image-2.6.22-14-lpia, linux-image-2.6.22-14-powerpc, linux-image-2.6.17-12-hppa32, linux-image-2.6.17-12-generic, linux-image-2.6.20-16-hppa32, linux-image-2.6.20-16-powerpc-smp, linux-image-2.6.20-16-server, linux-image-2.6.20-16-itanium, linux-image-2.6.17-12-server-bigiron, linux-image-2.6.17-12-powerpc, linux-image-2.6.17-12-powerpc-smp, linux-image-2.6.17-12-server, linux-image-2.6.22-14-lpiacompat, linux-image-2.6.22-14-mckinley, linux-source-2.6.17, linux-image-2.6.17-12-powerpc64-smp, linux-image-2.6.22-14-rt, linux-image-2.6.22-14-virtual, linux-image-2.6.20-16-mckinley, linux-image-2.6.20-16-sparc64, linux-image-2.6.22-14-xen, linux-source-2.6.22, linux-image-2.6.17-12-hppa64
• USN-558-1: linux-image-2.6.17-12-itanium, linux-image-2.6.22-14-sparc64-smp, linux-image-2.6.20-16-hppa64, linux-image-2.6.20-16-powerpc, linux-image-2.6.20-16-server-bigiron, linux-image-2.6.22-14-powerpc64-smp, linux-image-2.6.22-14-386, linux-image-2.6.17-12-mckinley, linux-image-2.6.17-12-sparc64-smp, linux-image-2.6.22-14-sparc64, linux-image-2.6.22-14-hppa64, linux-image-2.6.17-12-sparc64, linux-image-2.6.20-16-386, linux-image-2.6.22-14-server, linux-source-2.6.20, linux-image-2.6.22-14-ume, linux-image-2.6.22-14-cell, linux-image-2.6.17-12-386, linux-image-2.6.22-14-generic, linux-image-2.6.22-14-hppa32, linux-image-2.6.22-14-powerpc-smp, linux-image-2.6.20-16-powerpc64-smp, linux-image-2.6.20-16-generic, linux-image-2.6.20-16-sparc64-smp, linux-image-2.6.22-14-itanium, linux-image-2.6.20-16-lowlatency, linux-image-2.6.22-14-lpia, linux-image-2.6.22-14-powerpc, linux-image-2.6.17-12-hppa32, linux-image-2.6.17-12-generic, linux-image-2.6.20-16-hppa32, linux-image-2.6.20-16-powerpc-smp, linux-image-2.6.20-16-server, linux-image-2.6.20-16-itanium, linux-image-2.6.17-12-server-bigiron, linux-image-2.6.17-12-powerpc, linux-image-2.6.17-12-powerpc-smp, linux-image-2.6.17-12-server, linux-image-2.6.22-14-lpiacompat, linux-image-2.6.22-14-mckinley, linux-source-2.6.17, linux-image-2.6.17-12-powerpc64-smp, linux-image-2.6.22-14-rt, linux-image-2.6.22-14-virtual, linux-image-2.6.20-16-mckinley, linux-image-2.6.20-16-sparc64, linux-image-2.6.22-14-xen, linux-source-2.6.22, linux-image-2.6.17-12-hppa64