Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-231-1: Linux kernel vulnerabilities

23 December 2005

Linux kernel vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Details

Rudolf Polzer reported an abuse of the 'loadkeys' command. By
redefining one or more keys and tricking another user (like root) into
logging in on a text console and typing something that involves the
redefined keys, a local user could cause execution of arbitrary
commands with the privileges of the target user. The updated kernel
restricts the usage of 'loadkeys' to root. (CVE-2005-3257)

The ptrace() system call did not correctly check whether a process
tried to attach to itself. A local attacker could exploit this to
cause a kernel crash. (CVE-2005-3783)

A Denial of Service vulnerability was found in the handler that
automatically cleans up and terminates child processes that are not
correctly handled by their parent process ("auto-reaper"). The check
did not correctly handle processes which were currently traced by
another process. A local attacker could exploit this to cause a kernel
crash. (CVE-2005-3784)

A locking problem was discovered in the POSIX timer cleanup handling
on process exit. A local attacker could exploit this to cause the
machine to hang (Denial of Service). This flaw only affects
multiprocessor (SMP) systems. (CVE-2005-3805)

A Denial of Service vulnerability was discovered in the IPv6 flowlabel
handling code. By invoking setsockopt(IPV6_FLOWLABEL_MGR) in a special
way, a local attacker could cause memory corruption which eventually
led to a kernel crash. (CVE-2005-3806)

A memory leak was discovered in the VFS lease handling. These
operations are commonly executed by the Samba server, which led to
steady memory exhaustion. By repeatedly triggering the affected
operations in quick succession, a local attacker could exploit this to
drain all memory, which leads to a Denial of Service. (CVE-2005-3807)

An integer overflow was discovered in the
invalidate_inode_pages2_range() function. By issuing 64-bit mmap calls
on a 32 bit system, a local user could exploit this to crash the
machine, thereby causing Denial of Service. This flaw does not affect
the amd64 platform, and does only affect Ubuntu 5.10. (CVE-2005-3808)

Ollie Wild discovered a memory leak in the icmp_push_reply() function.
By sending a large amount of specially crafted packets, a remote
attacker could exploit this to drain all memory, which eventually
leads to a Denial of Service. (CVE-2005-3848)

Chris Wrigth found a Denial of Service vulnerability in the
time_out_leases() function. By allocating a large number of VFS file
lock leases and having them timeout at the same time, a large number
of 'printk' debugging statements was generated at the same time, which
could exhaust kernel memory. (CVE-2005-3857)

Patrick McHardy discovered a memory leak in the ip6_input_finish()
function. A remote attacker could exploit this by sending specially
crafted IPv6 packets, which would eventually drain all available
kernel memory, thus causing a Denial of Service. (CVE-2005-3858)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.8.1-6-power3-smp -
  • linux-image-2.6.8.1-6-amd64-k8-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.8.1-6-k7 -
  • linux-image-2.6.8.1-6-powerpc -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.8.1-6-amd64-xeon -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.8.1-6-power4 -
  • linux-image-2.6.8.1-6-amd64-k8 -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.8.1-6-power3 -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.8.1-6-power4-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.8.1-6-386 -
  • linux-image-2.6.8.1-6-powerpc-smp -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.8.1-6-amd64-generic -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.8.1-6-686 -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.8.1-6-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.8.1-6-k7-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -
Ubuntu 5.04
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.8.1-6-power3-smp -
  • linux-image-2.6.8.1-6-amd64-k8-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.8.1-6-k7 -
  • linux-image-2.6.8.1-6-powerpc -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.8.1-6-amd64-xeon -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.8.1-6-power4 -
  • linux-image-2.6.8.1-6-amd64-k8 -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.8.1-6-power3 -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.8.1-6-power4-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.8.1-6-386 -
  • linux-image-2.6.8.1-6-powerpc-smp -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.8.1-6-amd64-generic -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.8.1-6-686 -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.8.1-6-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.8.1-6-k7-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -
Ubuntu 4.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.8.1-6-power3-smp -
  • linux-image-2.6.8.1-6-amd64-k8-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.8.1-6-k7 -
  • linux-image-2.6.8.1-6-powerpc -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.8.1-6-amd64-xeon -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.8.1-6-power4 -
  • linux-image-2.6.8.1-6-amd64-k8 -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.8.1-6-power3 -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.8.1-6-power4-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.8.1-6-386 -
  • linux-image-2.6.8.1-6-powerpc-smp -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.8.1-6-amd64-generic -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.8.1-6-686 -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.8.1-6-686-smp -
  • linux-patch-debian-2.6.8.1 -
  • linux-image-2.6.8.1-6-k7-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -

In general, a standard system update will make all the necessary changes.