USN-143-1: Linux amd64 kernel vulnerabilities
27 June 2005
Linux amd64 kernel vulnerabilities
Releases
Details
A Denial of Service vulnerability has been discovered in the ptrace()
call on the amd64 platform. By calling ptrace() with specially crafted
("non-canonical") addresses, a local attacker could cause the kernel
to crash. This only affects the amd64 platform. (CAN-2005-1762)
ZouNanHai discovered that a local user could hang the kernel by
invoking syscall() with specially crafted arguments. This only affects
the amd64 platform when running in the 32 bit compatibility mode.
(CAN-2005-1765)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.04
-
linux-patch-ubuntu-2.6.10
-
-
linux-image-2.6.10-5-amd64-k8-smp
-
-
linux-patch-debian-2.6.8.1
-
-
linux-image-2.6.8.1-5-power4-smp
-
-
linux-image-2.6.10-5-amd64-xeon
-
-
linux-image-2.6.8.1-5-power4
-
-
linux-image-2.6.10-5-amd64-generic
-
-
linux-image-2.6.10-5-amd64-k8
-
-
linux-image-2.6.8.1-5-powerpc
-
-
linux-image-2.6.8.1-5-powerpc-smp
-
Ubuntu 4.10
-
linux-patch-ubuntu-2.6.10
-
-
linux-image-2.6.10-5-amd64-k8-smp
-
-
linux-patch-debian-2.6.8.1
-
-
linux-image-2.6.8.1-5-power4-smp
-
-
linux-image-2.6.10-5-amd64-xeon
-
-
linux-image-2.6.8.1-5-power4
-
-
linux-image-2.6.10-5-amd64-generic
-
-
linux-image-2.6.10-5-amd64-k8
-
-
linux-image-2.6.8.1-5-powerpc
-
-
linux-image-2.6.8.1-5-powerpc-smp
-
In general, a standard system update will make all the necessary changes.