USN-199-1: Linux kernel vulnerabilities

11 October 2005

Linux kernel vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Details

A Denial of Service vulnerability was discovered in the
sys_set_mempolicy() function. By calling the function with a negative
first argument, a local attacker could cause a kernel crash.
(CAN-2005-3053)

A race condition was discovered in the handling of shared memory
mappings with CLONE_VM. A local attacker could exploit this to cause a
deadlock (Denial of Service) by triggering a core dump while waiting
for a thread which had just performed an exec() system call.
(CAN-2005-3106)

A race condition was found in the handling of traced processes. When
one thread was tracing another thread that shared the same memory map,
a local attacker could trigger a deadlock (Denial of Service) by
forcing a core dump when the traced thread was in the TASK_TRACED
state. (CAN-2005-3107)

A vulnerability has been found in the "ioremap" module. By performing
certain IO mapping operations, a local attacker could either read
memory pages he has not normally access to (information leak) or cause
a kernel crash (Denial of Service). This only affects the amd64
platform. (CAN-2005-3108)

The HFS and HFS+ file system drivers did not properly verify that the
file system that was attempted to be mounted really was HFS/HFS+. On
machines which allow users to mount arbitrary removable devices as HFS
or HFS+ with an /etc/fstab entry, this could be exploited to trigger a
kernel crash. (CAN-2005-3109)

Steve Herrel discovered a race condition in the "ebtables" netfilter
module. A remote attacker could exploit this by sending specially
crafted packets that caused a value to be modified after it had
been read but before it had been locked. This eventually lead to a
kernel crash. This only affects multiprocessor machines (SMP).
(CAN-2005-3110)

Robert Derr discovered a memory leak in the system call auditing code.
On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this
leads to memory exhaustion and eventually a Denial of Service. A local
attacker could also speed this up by excessively calling system calls.
This only affects customized kernels built from the kernel source
packages. The standard Ubuntu kernel does not have the
CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by
this.
(http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.8.1-5-powerpc-smp -
  • linux-image-2.6.8.1-5-power4-smp -
  • linux-image-2.6.10-5-386 -
  • linux-image-2.6.10-5-itanium-smp -
  • linux-image-2.6.10-5-power4 -
  • linux-image-2.6.10-5-amd64-k8 -
  • linux-image-2.6.10-5-amd64-xeon -
  • linux-image-2.6.10-5-mckinley-smp -
  • linux-image-2.6.10-5-power4-smp -
  • linux-image-2.6.8.1-5-amd64-generic -
  • linux-image-2.6.10-5-amd64-k8-smp -
  • linux-image-2.6.8.1-5-k7-smp -
  • linux-image-2.6.8.1-5-power3-smp -
  • linux-image-2.6.8.1-5-amd64-xeon -
  • linux-image-2.6.10-5-powerpc-smp -
  • linux-image-2.6.8.1-5-power3 -
  • linux-image-2.6.8.1-5-power4 -
  • linux-image-2.6.8.1-5-powerpc -
  • linux-image-2.6.10-5-mckinley -
  • linux-image-2.6.10-5-itanium -
  • linux-image-2.6.10-5-power3-smp -
  • linux-image-2.6.10-5-k7 -
  • linux-image-2.6.10-5-power3 -
  • linux-image-2.6.8.1-5-amd64-k8-smp -
  • linux-image-2.6.8.1-5-686 -
  • linux-image-2.6.8.1-5-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.10-5-powerpc -
  • linux-image-2.6.8.1-5-k7 -
  • linux-image-2.6.10-5-k7-smp -
  • linux-image-2.6.10-5-amd64-generic -
  • linux-image-2.6.10-5-686-smp -
  • linux-image-2.6.8.1-5-386 -
  • linux-image-2.6.10-5-686 -
  • linux-image-2.6.8.1-5-amd64-k8 -
Ubuntu 4.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.8.1-5-powerpc-smp -
  • linux-image-2.6.8.1-5-power4-smp -
  • linux-image-2.6.10-5-386 -
  • linux-image-2.6.10-5-itanium-smp -
  • linux-image-2.6.10-5-power4 -
  • linux-image-2.6.10-5-amd64-k8 -
  • linux-image-2.6.10-5-amd64-xeon -
  • linux-image-2.6.10-5-mckinley-smp -
  • linux-image-2.6.10-5-power4-smp -
  • linux-image-2.6.8.1-5-amd64-generic -
  • linux-image-2.6.10-5-amd64-k8-smp -
  • linux-image-2.6.8.1-5-k7-smp -
  • linux-image-2.6.8.1-5-power3-smp -
  • linux-image-2.6.8.1-5-amd64-xeon -
  • linux-image-2.6.10-5-powerpc-smp -
  • linux-image-2.6.8.1-5-power3 -
  • linux-image-2.6.8.1-5-power4 -
  • linux-image-2.6.8.1-5-powerpc -
  • linux-image-2.6.10-5-mckinley -
  • linux-image-2.6.10-5-itanium -
  • linux-image-2.6.10-5-power3-smp -
  • linux-image-2.6.10-5-k7 -
  • linux-image-2.6.10-5-power3 -
  • linux-image-2.6.8.1-5-amd64-k8-smp -
  • linux-image-2.6.8.1-5-686 -
  • linux-image-2.6.8.1-5-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.10-5-powerpc -
  • linux-image-2.6.8.1-5-k7 -
  • linux-image-2.6.10-5-k7-smp -
  • linux-image-2.6.10-5-amd64-generic -
  • linux-image-2.6.10-5-686-smp -
  • linux-image-2.6.8.1-5-386 -
  • linux-image-2.6.10-5-686 -
  • linux-image-2.6.8.1-5-amd64-k8 -

In general, a standard system update will make all the necessary changes.