USN-263-1: Linux kernel vulnerabilities

13 March 2006

Linux kernel vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Details

A flaw was found in the module reference counting for loadable
protocol modules of netfilter. By performing particular socket
operations, a local attacker could exploit this to crash the kernel.
This flaw only affects Ubuntu 5.10. (CVE-2005-3359)

David Howells noticed a race condition in the add_key(), request_key()
and keyctl() functions. By modifying the length of string arguments
after the kernel determined their length, but before the kernel copied
them into kernel memory, a local attacker could either crash the
kernel or read random parts of kernel memory (which could potentially
contain sensitive data). (CVE-2006-0457)

An information disclosure vulnerability was discovered in the
ftruncate() function for the XFS file system. Under certain
conditions, this function could expose random unallocated blocks.
A local user could potentially exploit this to recover sensitive data
from previously deleted files. (CVE-2006-0554)

A local Denial of Service vulnerability was found in the NFS client
module. By opening a file on an NFS share with O_DIRECT and performing
some special operations on it, a local attacker could trigger a kernel
crash. (CVE-2006-0555)

The ELF binary loader did not sufficiently verify some addresses in
the ELF headers. By attempting to execute a specially crafted program,
a local attacker could exploit this to trigger a recursive loop of
kernel errors, which finally ended in a kernel crash. This only
affects the amd64 architecture on Intel processors (EMT64).
(CVE-2006-0741)

The die_if_kernel() function was incorrectly declared as "does never
return" on the ia64 platform. A local attacker could exploit this to
crash the kernel. Please note that ia64 is not an officially supported
platform. (CVE-2006-0742)

Oleg Nesterov discovered a race condition in the signal handling. On
multiprocessor (SMP) machines, a local attacker could exploit this to
create many unkillable processes, which could eventually lead to a
Denial of Service.

A memory leak was discovered in the handling of files which were
opened with the O_DIRECT flag. By repeatedly opening files in a
special way, a local attacker could eventually drain all available
kernel memory and render the machine unusable. This flaw only affects
Ubuntu 4.10.
(http://linux.bkbits.net:8080/linux-2.6/cset%404182a613oVsK0-8eCWpyYFrUf8rhLA)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.8.1-6-power3-smp -
  • linux-image-2.6.8.1-6-amd64-k8-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.8.1-6-k7 -
  • linux-image-2.6.8.1-6-powerpc -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.8.1-6-amd64-xeon -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.8.1-6-power4 -
  • linux-image-2.6.8.1-6-amd64-k8 -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.8.1-6-power3 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.8.1-6-power4-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.8.1-6-386 -
  • linux-image-2.6.8.1-6-powerpc-smp -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.8.1-6-amd64-generic -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.8.1-6-686 -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.8.1-6-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.8.1-6-k7-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -
Ubuntu 5.04
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.8.1-6-power3-smp -
  • linux-image-2.6.8.1-6-amd64-k8-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.8.1-6-k7 -
  • linux-image-2.6.8.1-6-powerpc -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.8.1-6-amd64-xeon -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.8.1-6-power4 -
  • linux-image-2.6.8.1-6-amd64-k8 -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.8.1-6-power3 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.8.1-6-power4-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.8.1-6-386 -
  • linux-image-2.6.8.1-6-powerpc-smp -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.8.1-6-amd64-generic -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.8.1-6-686 -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.8.1-6-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.8.1-6-k7-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -
Ubuntu 4.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.8.1-6-power3-smp -
  • linux-image-2.6.8.1-6-amd64-k8-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.8.1-6-k7 -
  • linux-image-2.6.8.1-6-powerpc -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.8.1-6-amd64-xeon -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.8.1-6-power4 -
  • linux-image-2.6.8.1-6-amd64-k8 -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.8.1-6-power3 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.8.1-6-power4-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.8.1-6-386 -
  • linux-image-2.6.8.1-6-powerpc-smp -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.8.1-6-amd64-generic -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.8.1-6-686 -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.8.1-6-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.8.1-6-k7-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -

In general, a standard system update will make all the necessary changes.