Your submission was sent successfully! Close

USN-395-1: Linux kernel vulnerabilities

14 December 2006

Linux kernel vulnerabilities



Mark Dowd discovered that the netfilter iptables module did not
correcly handle fragmented packets. By sending specially crafted
packets, a remote attacker could exploit this to bypass firewall
rules. This has only be fixed for Ubuntu 6.10; the corresponding fix
for Ubuntu 5.10 and 6.06 will follow soon. (CVE-2006-4572)

Dmitriy Monakhov discovered an information leak in the
__block_prepare_write() function. During error recovery, this function
did not properly clear memory buffers which could allow local users to
read portions of unlinked files. This only affects Ubuntu 5.10.

ADLab Venustech Info Ltd discovered that the ATM network driver
referenced an already released pointer in some circumstances. By
sending specially crafted packets to a host over ATM, a remote
attacker could exploit this to crash that host. This does not affect
Ubuntu 6.10. (CVE-2006-4997)

Matthias Andree discovered that the NFS locking management daemon
(lockd) did not correctly handle mixing of 'lock' and 'nolock' option
mounts on the same client. A remote attacker could exploit this to
crash lockd and thus rendering the NFS imports inaccessible. This only
affects Ubuntu 5.10. (CVE-2006-5158)

The task switching code did not save and restore EFLAGS of processes.
By starting a specially crafted executable, a local attacker could
exploit this to eventually crash many other running processes. This
does not affect Ubuntu 6.10. (CVE-2006-5173)

James Morris discovered that the ip6fl_get_n() function incorrectly
handled flow labels. A local attacker could exploit this to crash the
kernel. (CVE-2006-5619)

Fabio Massimo Di Nitto discovered that the sys_get_robust_list and
sys_set_robust_list system calls lacked proper lock handling on the
powerpc platform. A local attacker could exploit this to create
unkillable processes, drain all available CPU/memory, and render the
machine unrebootable. This only affects Ubuntu 6.10. (CVE-2006-5648)

Fabio Massimo Di Nitto discovered a flaw in the alignment check
exception handling on the powerpc platform. A local attacker could
exploit this to cause a kernel panic and crash the machine.

Certain corrupted squashfs file system images caused a memory
allocation to be freed twice. By mounting a specially crafted squashfs
file system, a local attacker could exploit this to crash the kernel.
This does not affect Ubuntu 5.10. (CVE-2006-5701)

An integer overflow was found in the get_fdb_entries() function of the
network bridging code. By executing a specially crafted ioctl, a local
attacker could exploit this to execute arbitrary code with root
privileges. (CVE-2006-5751)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
  • linux-image-2.6.17-10-powerpc-smp -
  • linux-image-2.6.17-10-386 -
  • linux-image-2.6.17-10-sparc64-smp -
  • linux-image-2.6.17-10-sparc64 -
  • linux-image-2.6.17-10-generic -
  • linux-image-2.6.17-10-powerpc -
  • linux-image-2.6.17-10-server-bigiron -
  • linux-image-2.6.17-10-powerpc64-smp -
  • linux-image-2.6.17-10-server -
Ubuntu 6.06
  • linux-image-2.6.15-27-powerpc-smp - 2.6.15-27.50
  • linux-image-2.6.15-27-amd64-xeon - 2.6.15-27.50
  • linux-source-2.6.15 - 2.6.15-27.50
  • linux-image-2.6.15-27-k7 - 2.6.15-27.50
  • linux-image-2.6.15-27-sparc64 - 2.6.15-27.50
  • linux-image-2.6.15-27-686 - 2.6.15-27.50
  • linux-image-2.6.15-27-amd64-k8 - 2.6.15-27.50
  • linux-image-2.6.15-27-powerpc - 2.6.15-27.50
  • linux-image-2.6.15-27-server-bigiron - 2.6.15-27.50
  • linux-image-2.6.15-27-amd64-generic - 2.6.15-27.50
  • linux-image-2.6.15-27-386 - 2.6.15-27.50
  • linux-image-2.6.15-27-powerpc64-smp - 2.6.15-27.50
  • linux-image-2.6.15-27-sparc64-smp - 2.6.15-27.50
  • linux-image-2.6.15-27-server - 2.6.15-27.50
  • linux-image-2.6.15-27-amd64-server - 2.6.15-27.50
Ubuntu 5.10
  • linux-image-2.6.12-10-amd64-k8-smp - 2.6.12-10.42
  • linux-image-2.6.12-10-686 - 2.6.12-10.42
  • linux-image-2.6.12-10-amd64-generic - 2.6.12-10.42
  • linux-image-2.6.12-10-686-smp - 2.6.12-10.42
  • linux-patch-ubuntu-2.6.12 - 2.6.12-10.42
  • linux-image-2.6.12-10-k7-smp - 2.6.12-10.42
  • linux-image-2.6.12-10-amd64-k8 - 2.6.12-10.42
  • linux-image-2.6.12-10-sparc64-smp - 2.6.12-10.42
  • linux-image-2.6.12-10-amd64-xeon - 2.6.12-10.42
  • linux-image-2.6.12-10-k7 - 2.6.12-10.42
  • linux-image-2.6.12-10-sparc64 - 2.6.12-10.42
  • linux-image-2.6.12-10-powerpc - 2.6.12-10.42
  • linux-image-2.6.12-10-386 - 2.6.12-10.42
  • linux-image-2.6.12-10-powerpc64-smp - 2.6.12-10.42
  • linux-image-2.6.12-10-powerpc-smp - 2.6.12-10.42

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Related notices

  • USN-416-1: linux-image-2.6.12-10-amd64-k8, linux-image-2.6.17-11-generic, linux-image-2.6.12-10-k7-smp, linux-image-2.6.17-11-powerpc64-smp, linux-image-2.6.17-11-server, linux-image-2.6.12-10-amd64-generic, linux-image-2.6.12-10-686-smp, linux-image-2.6.17-11-sparc64, linux-image-2.6.15-28-386, linux-image-2.6.15-28-amd64-generic, linux-image-2.6.17-11-powerpc, linux-image-2.6.15-28-powerpc64-smp, linux-image-2.6.17-11-386, linux-image-2.6.12-10-amd64-xeon, linux-patch-ubuntu-2.6.12, linux-image-2.6.15-28-amd64-k8, linux-image-2.6.12-10-powerpc, linux-image-2.6.15-28-686, linux-image-2.6.15-28-sparc64, linux-image-2.6.17-11-server-bigiron, linux-image-2.6.12-10-686, linux-image-2.6.12-10-amd64-k8-smp, linux-image-2.6.17-11-sparc64-smp, linux-image-2.6.12-10-powerpc64-smp, linux-image-2.6.15-28-powerpc, linux-image-2.6.17-11-powerpc-smp, linux-image-2.6.15-28-powerpc-smp, linux-image-2.6.15-28-amd64-server, linux-image-2.6.15-28-server-bigiron, linux-image-2.6.15-28-server, linux-image-2.6.15-28-k7, linux-image-2.6.15-28-sparc64-smp, linux-image-2.6.12-10-386, linux-image-2.6.12-10-k7, linux-image-2.6.15-28-amd64-xeon, linux-image-2.6.12-10-powerpc-smp