USN-574-1: Linux kernel vulnerabilities
4 February 2008
Linux kernel vulnerabilities
Releases
Packages
Details
The minix filesystem did not properly validate certain filesystem
values. If a local attacker could trick the system into attempting
to mount a corrupted minix filesystem, the kernel could be made to
hang for long periods of time, resulting in a denial of service.
This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2006-6058)
The signal handling on PowerPC systems using HTX allowed local users
to cause a denial of service via floating point corruption. This was
only vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107)
The Linux kernel did not properly validate the hop-by-hop IPv6
extended header. Remote attackers could send a crafted IPv6 packet
and cause a denial of service via kernel panic. This was only
vulnerable in Ubuntu 7.04. (CVE-2007-4567)
The JFFS2 filesystem with ACL support enabled did not properly store
permissions during inode creation and ACL setting. Local users could
possibly access restricted files after a remount. This was only
vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849)
Chris Evans discovered an issue with certain drivers that use the
ieee80211_rx function. Remote attackers could send a crafted 802.11
frame and cause a denial of service via crash. This was only
vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997)
Alex Smith discovered an issue with the pwc driver for certain webcam
devices. A local user with physical access to the system could remove
the device while a userspace application had it open and cause the USB
subsystem to block. This was only vulnerable in Ubuntu 7.04.
(CVE-2007-5093)
Scott James Remnant discovered a coding error in ptrace. Local users
could exploit this and cause the kernel to enter an infinite loop.
This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500)
It was discovered that the Linux kernel could dereference a NULL
pointer when processing certain IPv4 TCP packets. A remote attacker
could send a crafted TCP ACK response and cause a denial of service
via crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501)
Warren Togami discovered that the hrtimer subsystem did not properly
check for large relative timeouts. A local user could exploit this and
cause a denial of service via soft lockup. (CVE-2007-5966)
Venustech AD-LAB discovered a buffer overflow in the isdn net
subsystem. This issue is exploitable by local users via crafted input
to the isdn_ioctl function. (CVE-2007-6063)
It was discovered that the isdn subsystem did not properly check for
NULL termination when performing ioctl handling. A local user could
exploit this to cause a denial of service. (CVE-2007-6151)
Blake Frantz discovered that when a root process overwrote an existing
core file, the resulting core file retained the previous core file's
ownership. Local users could exploit this to gain access to sensitive
information. (CVE-2007-6206)
Hugh Dickins discovered the when using the tmpfs filesystem, under
rare circumstances, a kernel page may be improperly cleared. A local
user may be able to exploit this and read sensitive kernel data or
cause a denial of service via crash. (CVE-2007-6417)
Bill Roman discovered that the VFS subsystem did not properly check
access modes. A local user may be able to gain removal privileges on
directories. (CVE-2008-0001)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 7.10
-
linux-image-2.6.22-14-itanium
-
2.6.22-14.51
-
linux-image-2.6.22-14-xen
-
2.6.22-14.51
-
linux-image-2.6.22-14-lpia
-
2.6.22-14.51
-
linux-image-2.6.22-14-hppa32
-
2.6.22-14.51
-
linux-image-2.6.22-14-powerpc-smp
-
2.6.22-14.51
-
linux-image-2.6.22-14-386
-
2.6.22-14.51
-
linux-image-2.6.22-14-mckinley
-
2.6.22-14.51
-
linux-image-2.6.22-14-sparc64-smp
-
2.6.22-14.51
-
linux-image-2.6.22-14-sparc64
-
2.6.22-14.51
-
linux-image-2.6.22-14-generic
-
2.6.22-14.51
-
linux-image-2.6.22-14-virtual
-
2.6.22-14.51
-
linux-image-2.6.22-14-powerpc
-
2.6.22-14.51
-
linux-image-2.6.22-14-cell
-
2.6.22-14.51
-
linux-image-2.6.22-14-rt
-
2.6.22-14.51
-
linux-image-2.6.22-14-hppa64
-
2.6.22-14.51
-
linux-image-2.6.22-14-lpiacompat
-
2.6.22-14.51
-
linux-image-2.6.22-14-ume
-
2.6.22-14.51
-
linux-image-2.6.22-14-powerpc64-smp
-
2.6.22-14.51
-
linux-image-2.6.22-14-server
-
2.6.22-14.51
Ubuntu 7.04
-
linux-image-2.6.20-16-386
-
2.6.20-16.34
-
linux-image-2.6.20-16-powerpc
-
2.6.20-16.34
-
linux-image-2.6.20-16-server
-
2.6.20-16.34
-
linux-image-2.6.20-16-mckinley
-
2.6.20-16.34
-
linux-image-2.6.20-16-sparc64-smp
-
2.6.20-16.34
-
linux-image-2.6.20-16-hppa32
-
2.6.20-16.34
-
linux-image-2.6.20-16-powerpc64-smp
-
2.6.20-16.34
-
linux-image-2.6.20-16-itanium
-
2.6.20-16.34
-
linux-image-2.6.20-16-powerpc-smp
-
2.6.20-16.34
-
linux-image-2.6.20-16-generic
-
2.6.20-16.34
-
linux-image-2.6.20-16-sparc64
-
2.6.20-16.34
-
linux-image-2.6.20-16-hppa64
-
2.6.20-16.34
-
linux-image-2.6.20-16-lowlatency
-
2.6.20-16.34
-
linux-image-2.6.20-16-server-bigiron
-
2.6.20-16.34
Ubuntu 6.10
-
linux-image-2.6.17-12-mckinley
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-powerpc64-smp
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-hppa32
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-hppa64
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-sparc64-smp
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-generic
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-powerpc-smp
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-386
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-server-bigiron
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-itanium
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-powerpc
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-sparc64
-
2.6.17.1-12.43
-
linux-image-2.6.17-12-server
-
2.6.17.1-12.43
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Related notices
- USN-578-1: linux-source-2.6.15, linux-image-2.6.15-51-amd64-xeon, linux-image-2.6.15-51-hppa64, linux-image-2.6.15-51-amd64-generic, linux-image-2.6.15-51-sparc64, linux-image-2.6.15-51-hppa32, linux-image-2.6.15-51-mckinley, linux-image-2.6.15-51-k7, linux-image-2.6.15-51-powerpc, linux-image-2.6.15-51-sparc64-smp, linux-image-2.6.15-51-powerpc-smp, linux-image-2.6.15-51-server-bigiron, linux-image-2.6.15-51-itanium, linux-image-2.6.15-51-server, linux-image-2.6.15-51-powerpc64-smp, linux-image-2.6.15-51-hppa32-smp, linux-image-2.6.15-51-itanium-smp, linux-image-2.6.15-51-686, linux-image-2.6.15-51-mckinley-smp, linux-image-2.6.15-51-amd64-k8, linux-image-2.6.15-51-amd64-server, linux-image-2.6.15-51-386, linux-image-2.6.15-51-hppa64-smp
- USN-558-1: linux-image-2.6.22-14-386, linux-image-2.6.20-16-itanium, linux-image-2.6.20-16-sparc64, linux-image-2.6.22-14-sparc64, linux-image-2.6.17-12-server-bigiron, linux-image-2.6.22-14-cell, linux-image-2.6.17-12-powerpc, linux-image-2.6.17-12-sparc64, linux-image-2.6.20-16-hppa64, linux-image-2.6.22-14-virtual, linux-image-2.6.22-14-ume, linux-image-2.6.22-14-hppa32, linux-image-2.6.22-14-xen, linux-source-2.6.17, linux-source-2.6.20, linux-image-2.6.20-16-mckinley, linux-image-2.6.22-14-mckinley, linux-image-2.6.17-12-386, linux-image-2.6.22-14-lpia, linux-image-2.6.17-12-generic, linux-image-2.6.22-14-rt, linux-image-2.6.22-14-server, linux-image-2.6.20-16-powerpc64-smp, linux-image-2.6.17-12-mckinley, linux-image-2.6.22-14-itanium, linux-source-2.6.22, linux-image-2.6.22-14-powerpc, linux-image-2.6.20-16-powerpc, linux-image-2.6.22-14-sparc64-smp, linux-image-2.6.17-12-sparc64-smp, linux-image-2.6.17-12-hppa32, linux-image-2.6.17-12-server, linux-image-2.6.20-16-sparc64-smp, linux-image-2.6.22-14-lpiacompat, linux-image-2.6.17-12-itanium, linux-image-2.6.22-14-generic, linux-image-2.6.17-12-hppa64, linux-image-2.6.20-16-server, linux-image-2.6.22-14-powerpc64-smp, linux-image-2.6.17-12-powerpc-smp, linux-image-2.6.20-16-386, linux-image-2.6.22-14-hppa64, linux-image-2.6.22-14-powerpc-smp, linux-image-2.6.20-16-lowlatency, linux-image-2.6.17-12-powerpc64-smp, linux-image-2.6.20-16-powerpc-smp, linux-image-2.6.20-16-server-bigiron, linux-image-2.6.20-16-hppa32, linux-image-2.6.20-16-generic