USN-751-1: Linux kernel vulnerabilities

6 April 2009

Linux kernel vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

Details

NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)

Sparc syscalls did not correctly check mmap regions. A local attacker
could cause a system panic, leading to a denial of service. Ubuntu 8.10
was not affected. (CVE-2008-6107)

In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)

The kernel keyring did not free memory correctly. A local attacker could
consume unlimited kernel memory, leading to a denial of service.
(CVE-2009-0031)

The SCTP stack did not correctly validate FORWARD-TSN packets. A remote
attacker could send specially crafted SCTP traffic causing a system crash,
leading to a denial of service. (CVE-2009-0065)

The eCryptfs filesystem did not correctly handle certain VFS return codes.
A local attacker with write-access to an eCryptfs filesystem could cause a
system crash, leading to a denial of service. (CVE-2009-0269)

The Dell platform device did not correctly validate user parameters. A
local attacker could perform specially crafted reads to crash the system,
leading to a denial of service. (CVE-2009-0322)

The page fault handler could consume stack memory. A local attacker could
exploit this to crash the system or gain root privileges with a Kprobe
registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)

Network interfaces statistics for the SysKonnect FDDI driver did not check
capabilities. A local user could reset statistics, potentially interfering
with packet accounting systems. (CVE-2009-0675)

The getsockopt function did not correctly clear certain parameters. A local
attacker could read leaked kernel memory, leading to a loss of privacy.
(CVE-2009-0676)

The ext4 filesystem did not correctly clear group descriptors when
resizing. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2009-0745)

The ext4 filesystem did not correctly validate certain fields. A local
attacker could mount a malicious ext4 filesystem, causing a system
crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748)

The syscall interface did not correctly validate parameters when crossing
the 64-bit/32-bit boundary. A local attacker could bypass certain syscall
restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)

The shared memory subsystem did not correctly handle certain shmctl calls
when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since
CONFIG_SHMEM is enabled by default. (CVE-2009-0859)

The virtual consoles did not correctly handle certain UTF-8 sequences. A
local attacker on the physical console could exploit this to cause a system
crash, leading to a denial of service. (CVE-2009-1046)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Related notices