USN-988-1: Linux kernel vulnerabilities
17 September 2010
Local root privilege escalations.
Releases
Packages
- linux - Support for ACPI (udeb)
- linux-source-2.6.15 - ACPI support modules (udeb)
Details
Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a local attacker could perform malicious
multicast getsockopt calls to gain root privileges. (CVE-2010-3081)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a
64bit system, a local attacker could manipulate 32bit system calls to
gain root privileges. (Ubuntu 6.06 LTS and 8.04 LTS were not affected.)
(CVE-2010-3301)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 9.10
-
linux-image-2.6.31-22-server
-
2.6.31-22.65
-
linux-image-2.6.31-22-ia64
-
2.6.31-22.65
-
linux-image-2.6.31-22-generic-pae
-
2.6.31-22.65
-
linux-image-2.6.31-22-386
-
2.6.31-22.65
-
linux-image-2.6.31-22-powerpc
-
2.6.31-22.65
-
linux-image-2.6.31-22-sparc64
-
2.6.31-22.65
-
linux-image-2.6.31-22-sparc64-smp
-
2.6.31-22.65
-
linux-image-2.6.31-22-powerpc-smp
-
2.6.31-22.65
-
linux-image-2.6.31-22-virtual
-
2.6.31-22.65
-
linux-image-2.6.31-22-powerpc64-smp
-
2.6.31-22.65
-
linux-image-2.6.31-22-generic
-
2.6.31-22.65
-
linux-image-2.6.31-22-lpia
-
2.6.31-22.65
Ubuntu 9.04
-
linux-image-2.6.28-19-lpia
-
2.6.28-19.65
-
linux-image-2.6.28-19-versatile
-
2.6.28-19.65
-
linux-image-2.6.28-19-imx51
-
2.6.28-19.65
-
linux-image-2.6.28-19-generic
-
2.6.28-19.65
-
linux-image-2.6.28-19-server
-
2.6.28-19.65
-
linux-image-2.6.28-19-ixp4xx
-
2.6.28-19.65
-
linux-image-2.6.28-19-virtual
-
2.6.28-19.65
-
linux-image-2.6.28-19-iop32x
-
2.6.28-19.65
Ubuntu 8.04
-
linux-image-2.6.24-28-powerpc64-smp
-
2.6.24-28.79
-
linux-image-2.6.24-28-hppa32
-
2.6.24-28.79
-
linux-image-2.6.24-28-generic
-
2.6.24-28.79
-
linux-image-2.6.24-28-powerpc
-
2.6.24-28.79
-
linux-image-2.6.24-28-sparc64-smp
-
2.6.24-28.79
-
linux-image-2.6.24-28-itanium
-
2.6.24-28.79
-
linux-image-2.6.24-28-openvz
-
2.6.24-28.79
-
linux-image-2.6.24-28-virtual
-
2.6.24-28.79
-
linux-image-2.6.24-28-rt
-
2.6.24-28.79
-
linux-image-2.6.24-28-lpia
-
2.6.24-28.79
-
linux-image-2.6.24-28-hppa64
-
2.6.24-28.79
-
linux-image-2.6.24-28-mckinley
-
2.6.24-28.79
-
linux-image-2.6.24-28-server
-
2.6.24-28.79
-
linux-image-2.6.24-28-powerpc-smp
-
2.6.24-28.79
-
linux-image-2.6.24-28-386
-
2.6.24-28.79
-
linux-image-2.6.24-28-lpiacompat
-
2.6.24-28.79
-
linux-image-2.6.24-28-sparc64
-
2.6.24-28.79
-
linux-image-2.6.24-28-xen
-
2.6.24-28.79
Ubuntu 6.06
-
linux-image-2.6.15-55-hppa64
-
2.6.15-55.88
-
linux-image-2.6.15-55-mckinley
-
2.6.15-55.88
-
linux-image-2.6.15-55-powerpc-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-hppa32-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-686
-
2.6.15-55.88
-
linux-image-2.6.15-55-amd64-k8
-
2.6.15-55.88
-
linux-image-2.6.15-55-amd64-server
-
2.6.15-55.88
-
linux-image-2.6.15-55-386
-
2.6.15-55.88
-
linux-image-2.6.15-55-sparc64-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-k7
-
2.6.15-55.88
-
linux-image-2.6.15-55-sparc64
-
2.6.15-55.88
-
linux-image-2.6.15-55-server
-
2.6.15-55.88
-
linux-image-2.6.15-55-powerpc64-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-hppa32
-
2.6.15-55.88
-
linux-image-2.6.15-55-mckinley-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-server-bigiron
-
2.6.15-55.88
-
linux-image-2.6.15-55-itanium-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-amd64-xeon
-
2.6.15-55.88
-
linux-image-2.6.15-55-powerpc
-
2.6.15-55.88
-
linux-image-2.6.15-55-amd64-generic
-
2.6.15-55.88
-
linux-image-2.6.15-55-hppa64-smp
-
2.6.15-55.88
-
linux-image-2.6.15-55-itanium
-
2.6.15-55.88
Ubuntu 10.04
-
linux-image-2.6.32-24-powerpc-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-386
-
2.6.32-24.43
-
linux-image-2.6.32-24-powerpc
-
2.6.32-24.43
-
linux-image-2.6.32-24-powerpc64-smp
-
2.6.32-24.43
-
linux-image-2.6.32-24-preempt-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-sparc64-smp-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-powerpc64-smp-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-lpia
-
2.6.32-24.43
-
linux-image-2.6.32-24-generic-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-sparc64-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-ia64-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-generic-pae
-
2.6.32-24.43
-
linux-image-2.6.32-24-lpia-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-generic
-
2.6.32-24.43
-
linux-image-2.6.32-24-server
-
2.6.32-24.43
-
linux-image-2.6.32-24-preempt
-
2.6.32-24.43
-
linux-image-2.6.32-24-powerpc-smp-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-386-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-versatile
-
2.6.32-24.43
-
linux-image-2.6.32-24-virtual
-
2.6.32-24.43
-
linux-image-2.6.32-24-powerpc-smp
-
2.6.32-24.43
-
linux-image-2.6.32-24-generic-pae-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-server-dbgsym
-
2.6.32-24.43
-
linux-image-2.6.32-24-ia64
-
2.6.32-24.43
-
linux-image-2.6.32-24-sparc64-smp
-
2.6.32-24.43
-
linux-image-2.6.32-24-sparc64
-
2.6.32-24.43
-
linux-image-2.6.32-24-versatile-dbgsym
-
2.6.32-24.43
After a standard system update you need to reboot your computer to make
all the necessary changes.