=========================================================== Ubuntu Security Notice USN-30-1 November 18, 2004 linux-source-2.6.8.1 vulnerabilities CAN-2004-0883, CAN-2004-0949, and others =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: linux-image-2.6.8.1-3-386 linux-image-2.6.8.1-3-686 linux-image-2.6.8.1-3-686-smp linux-image-2.6.8.1-3-amd64-generic linux-image-2.6.8.1-3-amd64-k8 linux-image-2.6.8.1-3-amd64-k8-smp linux-image-2.6.8.1-3-amd64-xeon linux-image-2.6.8.1-3-k7 linux-image-2.6.8.1-3-k7-smp linux-image-2.6.8.1-3-power3 linux-image-2.6.8.1-3-power3-smp linux-image-2.6.8.1-3-power4 linux-image-2.6.8.1-3-power4-smp linux-image-2.6.8.1-3-powerpc linux-image-2.6.8.1-3-powerpc-smp The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.1. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes. Details follow: CAN-2004-0883, CAN-2004-0949: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers of the connected Samba server. This could be achieved by man-in-the-middle attacks or by taking over the Samba server with e. g. the recently disclosed vulnerability in Samba 3.x (see CAN-2004-0882). While any of these vulnerabilities can be easily used as remote denial of service exploits against Linux systems, it is unclear if it is possible for a skilled local or remote attacker to use any of the possible buffer overflows for arbitrary code execution in kernel space. So these bugs may theoretically lead to privilege escalation and total compromise of the whole system. http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt: Several flaws have been found in the Linux ELF binary loader's handling of setuid binaries. Nowadays ELF is the standard format for Linux executables and libraries. setuid binaries are programs that have the "setuid" file permission bit set; they allow to execute a program under a user id different from the calling user and are mostly used to allow executing a program with root privileges to normal users. The vulnerabilities that were fixed in these updated kernel packages could lead Denial of Service attacks. They also might lead to execution of arbitrary code and privilege escalation on some platforms if an attacker is able to run setuid programs under some special system conditions (like very little remaining memory). Another flaw could allow an attacker to read supposedly unreadable, but executable suid binaries. The attacker can then use this to seek faults within the executable. http://marc.theaimsgroup.com/?l=linux-kernel&m=109776571411003&w=2: Bernard Gagnon discovered a memory leak in the mmap raw packet socket implementation. When a client application (in ELF format) core dumps, a region of memory stays allocated as a ring buffer. This could be exploited by a malicious user who repeatedly crashes certain types of applications until the memory is exhausted, thus causing a Denial of Service. Reverted 486 emulation patch: Ubuntu kernels for the i386 platforms are compiled using the i486 instruction set for performance reasons. Former Ubuntu kernels contained code which emulated the missing instructions on real 386 processors. However, several actual and potential security flaws have been discovered in the code, and it was found to be unsupportable. It might be possible to exploit these vulnerabilities also on i486 and higher processors. Therefore support for real i386 processors has ceased. This updated kernel will only run on i486 and newer processors. Other architectures supported by Ubuntu (amd64, powerpc) are not affected. Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.1.diff.gz Size/MD5: 3083854 6c6205802319f9774bacae96e0215e9b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.1.dsc Size/MD5: 2119 bd3ecefdb8236a927ca0af02b575dc2d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.1_all.deb Size/MD5: 6158782 88fdd5612e0c91ea71e97640a0fb7b9a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.1_all.deb Size/MD5: 1438690 7a1c68e4b85dd8b00faaf559a343d925 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.1_all.deb Size/MD5: 36716930 7b97d784e561b7cde26191882b6764b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.1_all.deb Size/MD5: 305728 74735830ea74efa3d062eb48d945a629 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-amd64-generic_2.6.8.1-16.1_amd64.deb Size/MD5: 246130 a3b83c36daa55bd5da928aa9f0eeaa73 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-amd64-k8-smp_2.6.8.1-16.1_amd64.deb Size/MD5: 241556 c52eb545c7d02dfb3daed6963d63de23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-amd64-k8_2.6.8.1-16.1_amd64.deb Size/MD5: 245240 dcaee9f4c01adc03b6412a1572ee0bbd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-amd64-xeon_2.6.8.1-16.1_amd64.deb Size/MD5: 239834 cd9d74ff5e7f7f788c6a61776392c6e7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3_2.6.8.1-16.1_amd64.deb Size/MD5: 3176044 b5ccdb3732f81d90e4514ec88272b655 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-amd64-generic_2.6.8.1-16.1_amd64.deb Size/MD5: 14349546 a2ca8332e99848a722832debbc54656f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-amd64-k8-smp_2.6.8.1-16.1_amd64.deb Size/MD5: 14824052 194df314c04b0dff5533447ee3e60813 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-amd64-k8_2.6.8.1-16.1_amd64.deb Size/MD5: 14858776 77f4c1b4c34097b54b2fcee760ea0060 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-amd64-xeon_2.6.8.1-16.1_amd64.deb Size/MD5: 14677266 55505fd066b07f357d635bb1afc3d782 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-386_2.6.8.1-16.1_i386.deb Size/MD5: 274702 f41d70a42ee38c74d49ef24f5c1d46cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-686-smp_2.6.8.1-16.1_i386.deb Size/MD5: 269116 fcf51ea7fa6358593a95ce16c0e6b566 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-686_2.6.8.1-16.1_i386.deb Size/MD5: 272350 8e3d25985b2f7578bcd0f792681a6d59 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-k7-smp_2.6.8.1-16.1_i386.deb Size/MD5: 269372 f590ae7dd326f071c7ea478c8ea942bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-k7_2.6.8.1-16.1_i386.deb Size/MD5: 272512 b0127d780e15371c4ad80c43f3aaaa74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3_2.6.8.1-16.1_i386.deb Size/MD5: 3216814 4eaa3e0d0a82754264b5f38b5f4b1647 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-386_2.6.8.1-16.1_i386.deb Size/MD5: 15495148 2ac9ddfda9c306b52edd9f96769ee043 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-686-smp_2.6.8.1-16.1_i386.deb Size/MD5: 16341528 f71d56afae0ced2a45eb7625cf022077 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-686_2.6.8.1-16.1_i386.deb Size/MD5: 16504398 5a7638e3f39fb22de05a2fd1a7ccbf4b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-k7-smp_2.6.8.1-16.1_i386.deb Size/MD5: 16444912 3bd7f0ce55842a1b8f4f3edf69bbc697 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-k7_2.6.8.1-16.1_i386.deb Size/MD5: 16573874 2219c9c8ca315eaba1b03bb578c14076 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-power3-smp_2.6.8.1-16.1_powerpc.deb Size/MD5: 210954 ac4d9d11672d6a2e0552d652f1269ff4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-power3_2.6.8.1-16.1_powerpc.deb Size/MD5: 211752 e016ad7c0e83124384a8c9147fa88e80 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-power4-smp_2.6.8.1-16.1_powerpc.deb Size/MD5: 210808 a1d0ad910a32770e4966c4b7e7dc2a74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-power4_2.6.8.1-16.1_powerpc.deb Size/MD5: 211446 05ce6bd870c4fb39c5d679b0ba8ba2d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-powerpc-smp_2.6.8.1-16.1_powerpc.deb Size/MD5: 211396 f927cb7855cea529445b8f2708ca2ac0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3-powerpc_2.6.8.1-16.1_powerpc.deb Size/MD5: 213070 0a0a0612917b8a47521f80ccfb8b3b24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-3_2.6.8.1-16.1_powerpc.deb Size/MD5: 3294420 034e87b6d1147de130a0a57e18f86461 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-power3-smp_2.6.8.1-16.1_powerpc.deb Size/MD5: 16362792 3fad8b328bf30241e429c0d144818747 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-power3_2.6.8.1-16.1_powerpc.deb Size/MD5: 15938436 150a04e8bbc4a6d17a18153748f090dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-power4-smp_2.6.8.1-16.1_powerpc.deb Size/MD5: 16344302 07c06af308187dc284ba32aa76962d46 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-power4_2.6.8.1-16.1_powerpc.deb Size/MD5: 15917192 702c4de81e48ff65c5c434379d2eb770 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-powerpc-smp_2.6.8.1-16.1_powerpc.deb Size/MD5: 16284782 242eced9657e4929022631395d122025 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-3-powerpc_2.6.8.1-16.1_powerpc.deb Size/MD5: 15966616 b412f10fcdcb6e6ade95d7a7203bf7ba
Attachment:
signature.asc
Description: Digital signature