USN-819-1: Linux kernel vulnerability

Releases

• Ubuntu 9.04
• Ubuntu 8.10
• Ubuntu 8.04
• Ubuntu 6.06

Packages

• linux -
• linux-source-2.6.15 -

Details

Tavis Ormandy and Julien Tinnes discovered that Linux did not correctly
initialize certain socket operation function pointers. A local attacker
could exploit this to gain root privileges. By default, Ubuntu 8.04
and later with a non-zero /proc/sys/vm/mmap_min_addr setting were not
vulnerable.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04

• linux-image-2.6.28-15-versatile - 2.6.28-15.49
• linux-image-2.6.28-15-generic - 2.6.28-15.49
• linux-image-2.6.28-15-lpia - 2.6.28-15.49
• linux-image-2.6.28-15-server - 2.6.28-15.49
• linux-image-2.6.28-15-ixp4xx - 2.6.28-15.49
• linux-image-2.6.28-15-virtual - 2.6.28-15.49
• linux-image-2.6.28-15-iop32x - 2.6.28-15.49
• linux-image-2.6.28-15-imx51 - 2.6.28-15.49

Ubuntu 8.10

• linux-image-2.6.27-14-generic - 2.6.27-14.39
• linux-image-2.6.27-14-server - 2.6.27-14.39
• linux-image-2.6.27-14-virtual - 2.6.27-14.39

Ubuntu 8.04

• linux-image-2.6.24-24-sparc64 - 2.6.24-24.59
• linux-image-2.6.24-24-server - 2.6.24-24.59
• linux-image-2.6.24-24-itanium - 2.6.24-24.59
• linux-image-2.6.24-24-lpiacompat - 2.6.24-24.59
• linux-image-2.6.24-24-hppa64 - 2.6.24-24.59
• linux-image-2.6.24-24-virtual - 2.6.24-24.59
• linux-image-2.6.24-24-powerpc64-smp - 2.6.24-24.59
• linux-image-2.6.24-24-386 - 2.6.24-24.59
• linux-image-2.6.24-24-generic - 2.6.24-24.59
• linux-image-2.6.24-24-xen - 2.6.24-24.59
• linux-image-2.6.24-24-powerpc-smp - 2.6.24-24.59
• linux-image-2.6.24-24-rt - 2.6.24-24.59
• linux-image-2.6.24-24-hppa32 - 2.6.24-24.59
• linux-image-2.6.24-24-lpia - 2.6.24-24.59
• linux-image-2.6.24-24-mckinley - 2.6.24-24.59
• linux-image-2.6.24-24-sparc64-smp - 2.6.24-24.59
• linux-image-2.6.24-24-powerpc - 2.6.24-24.59
• linux-image-2.6.24-24-openvz - 2.6.24-24.59

Ubuntu 6.06

• linux-image-2.6.15-54-hppa64 - 2.6.15-54.79
• linux-image-2.6.15-54-hppa32-smp - 2.6.15-54.79
• linux-image-2.6.15-54-server-bigiron - 2.6.15-54.79
• linux-image-2.6.15-54-amd64-generic - 2.6.15-54.79
• linux-image-2.6.15-54-itanium - 2.6.15-54.79
• linux-image-2.6.15-54-k7 - 2.6.15-54.79
• linux-image-2.6.15-54-powerpc-smp - 2.6.15-54.79
• linux-image-2.6.15-54-server - 2.6.15-54.79
• linux-image-2.6.15-54-amd64-server - 2.6.15-54.79
• linux-image-2.6.15-54-sparc64-smp - 2.6.15-54.79
• linux-image-2.6.15-54-sparc64 - 2.6.15-54.79
• linux-image-2.6.15-54-mckinley-smp - 2.6.15-54.79
• linux-image-2.6.15-54-amd64-k8 - 2.6.15-54.79
• linux-image-2.6.15-54-386 - 2.6.15-54.79
• linux-image-2.6.15-54-mckinley - 2.6.15-54.79
• linux-image-2.6.15-54-hppa32 - 2.6.15-54.79
• linux-image-2.6.15-54-amd64-xeon - 2.6.15-54.79
• linux-image-2.6.15-54-powerpc - 2.6.15-54.79
• linux-image-2.6.15-54-powerpc64-smp - 2.6.15-54.79
• linux-image-2.6.15-54-itanium-smp - 2.6.15-54.79
• linux-image-2.6.15-54-686 - 2.6.15-54.79
• linux-image-2.6.15-54-hppa64-smp - 2.6.15-54.79

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

• CVE-2009-2692