3

USN-864-1: Linux kernel vulnerabilities

view full story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638, CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4026, CVE-2009-4027 Description:  =========================================================== Ubuntu Security Notice USN-864-1 December 05, 2009 linux, linux-source-2.6.15 vulnerabilities CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638, CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4026, CVE-2009-4027 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-55-386 2.6.15-55.81 linux-image-2.6.15-55-686 2.6.15-55.81 linux-image-2.6.15-55-amd64-generic 2.6.15-55.81 linux-image-2.6.15-55-amd64-k8 2.6.15-55.81 linux-image-2.6.15-55-amd64-server 2.6.15-55.81 linux-image-2.6.15-55-amd64-xeon 2.6.15-55.81 linux-image-2.6.15-55-hppa32 2.6.15-55.81 linux-image-2.6.15-55-hppa32-smp 2.6.15-55.81 linux-image-2.6.15-55-hppa64 2.6.15-55.81 linux-image-2.6.15-55-hppa64-smp 2.6.15-55.81 linux-image-2.6.15-55-itanium 2.6.15-55.81 linux-image-2.6.15-55-itanium-smp 2.6.15-55.81 linux-image-2.6.15-55-k7 2.6.15-55.81 linux-image-2.6.15-55-mckinley 2.6.15-55.81 linux-image-2.6.15-55-mckinley-smp 2.6.15-55.81 linux-image-2.6.15-55-powerpc 2.6.15-55.81 linux-image-2.6.15-55-powerpc-smp 2.6.15-55.81 linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.81 linux-image-2.6.15-55-server 2.6.15-55.81 linux-image-2.6.15-55-server-bigiron 2.6.15-55.81 linux-image-2.6.15-55-sparc64 2.6.15-55.81 linux-image-2.6.15-55-sparc64-smp 2.6.15-55.81 Ubuntu 8.04 LTS: linux-image-2.6.24-26-386 2.6.24-26.64 linux-image-2.6.24-26-generic 2.6.24-26.64 linux-image-2.6.24-26-hppa32 2.6.24-26.64 linux-image-2.6.24-26-hppa64 2.6.24-26.64 linux-image-2.6.24-26-itanium 2.6.24-26.64 linux-image-2.6.24-26-lpia 2.6.24-26.64 linux-image-2.6.24-26-lpiacompat 2.6.24-26.64 linux-image-2.6.24-26-mckinley 2.6.24-26.64 linux-image-2.6.24-26-openvz 2.6.24-26.64 linux-image-2.6.24-26-powerpc 2.6.24-26.64 linux-image-2.6.24-26-powerpc-smp 2.6.24-26.64 linux-image-2.6.24-26-powerpc64-smp 2.6.24-26.64 linux-image-2.6.24-26-rt 2.6.24-26.64 linux-image-2.6.24-26-server 2.6.24-26.64 linux-image-2.6.24-26-sparc64 2.6.24-26.64 linux-image-2.6.24-26-sparc64-smp 2.6.24-26.64 linux-image-2.6.24-26-virtual 2.6.24-26.64 linux-image-2.6.24-26-xen 2.6.24-26.64 usb-modules-2.6.24-26-sparc64-di 2.6.24-26.64 Ubuntu 8.10: linux-image-2.6.27-16-generic 2.6.27-16.44 linux-image-2.6.27-16-server 2.6.27-16.44 linux-image-2.6.27-16-virtual 2.6.27-16.44 Ubuntu 9.04: linux-image-2.6.28-17-generic 2.6.28-17.58 linux-image-2.6.28-17-imx51 2.6.28-17.58 linux-image-2.6.28-17-iop32x 2.6.28-17.58 linux-image-2.6.28-17-ixp4xx 2.6.28-17.58 linux-image-2.6.28-17-lpia 2.6.28-17.58 linux-image-2.6.28-17-server 2.6.28-17.58 linux-image-2.6.28-17-versatile 2.6.28-17.58 linux-image-2.6.28-17-virtual 2.6.28-17.58 Ubuntu 9.10: linux-image-2.6.31-16-386 2.6.31-16.52 linux-image-2.6.31-16-generic 2.6.31-16.52 linux-image-2.6.31-16-generic-pae 2.6.31-16.52 linux-image-2.6.31-16-ia64 2.6.31-16.52 linux-image-2.6.31-16-lpia 2.6.31-16.52 linux-image-2.6.31-16-powerpc 2.6.31-16.52 linux-image-2.6.31-16-powerpc-smp 2.6.31-16.52 linux-image-2.6.31-16-powerpc64-smp 2.6.31-16.52 linux-image-2.6.31-16-server 2.6.31-16.52 linux-image-2.6.31-16-sparc64 2.6.31-16.52 linux-image-2.6.31-16-sparc64-smp 2.6.31-16.52 linux-image-2.6.31-16-virtual 2.6.31-16.52 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06) the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910) Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080) Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. A local attacker could exploit this to read several bytes of kernel memory, leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612) Earl Chew discovered race conditions in pipe handling. A local attacker could exploit anonymous pipes via /proc/*/fd/ and crash the system or gain root privileges. (CVE-2009-3547) Dave Jones and Francois Romieu discovered that the r8169 network driver could be made to leak kernel memory. A remote attacker could send a large number of jumbo frames until the system memory was exhausted, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613). Ben Hutchings discovered that the ATI Rage 128 video driver did not correctly validate initialization states. A local attacker could make specially crafted ioctl calls to crash the system or gain root privileges. (CVE-2009-3620) Tomoki Sekiyama discovered that Unix sockets did not correctly verify namespaces. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2009-3621) J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623) Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624) David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3638) Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722) Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilties. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725) Trond Myklebust discovered that NFSv4 clients did not robustly verify attributes. A malicious remote NFSv4 server could exploit this to crash a client or gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-3726) Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888) Joseph Malicki discovered that the MegaRAID SAS driver had world-writable option files. A local attacker could exploit these to disrupt the behavior of the controller, leading to a denial of service. (CVE-2009-3889, CVE-2009-3939) Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005) Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027) (Distributions)