<<< Date Index >>>     <<< Thread Index >>>

[USN-60-0] Linux kernel vulnerabilities



===========================================================
Ubuntu Security Notice USN-60-0            January 14, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0001
http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp
linux-patch-debian-2.6.8.1

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.10.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

CAN-2005-0001:

  Paul Starzetz discovered a race condition in the Linux page fault
  handler code. This allowed an unprivileged user to gain root
  privileges on multiprocessor machines under some circumstances.
  This also affects the Hyper-Threading mode on Pentium 4 processors.

http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html:

  Brad Spengler discovered that some device drivers used
  copy_from_user() (a function to copy data from userspace tools into
  kernel memory) with insufficient input validation. This potentially
  allowed users and/or malicious hardware to overwrite kernel memory
  which could result in a crash (Denial of Service) or even root
  privilege escalation.

Additionally, this update corrects the SMB file system driver.
USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883,
CAN-2004-0949). However, it was found that these new validation checks
were too strict, which cause some valid operations to fail.


  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.diff.gz
      Size/MD5:  3124783 7baba6f520b34239295eec86ceeadb57
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.dsc
      Size/MD5:     2121 78646f13bd7c123b1e1e1aee212a19b0
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
      Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.10_all.deb
      Size/MD5:  6157246 2557a8f542a6e9ccc5bbbe537a09f24d
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.10_all.deb
      Size/MD5:  1480818 7095633ace504dd73613917c5e4d821b
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10_all.deb
      Size/MD5: 36717852 f5e6d31457d3d01b36d9c3d097a245bf
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.10_all.deb
      Size/MD5:   307276 785cc9563aeb987ac56d04c5860c4583

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb
      Size/MD5:   247434 6588a9beca0665c21bce6e0c35ef5eef
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb
      Size/MD5:   242972 ef0192b74166eda7c85faae0f961a2cb
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb
      Size/MD5:   246506 fa75cfaa15ba3ff9c5b11f4945a4c5ec
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb
      Size/MD5:   241342 decfc1908a591a25b4e9e1be8f0e3649
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_amd64.deb
      Size/MD5:  3178078 1251cdcd9878ff7bdce13488ad574d8f
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb
      Size/MD5: 14353334 8d4512da15329f410b45c67cbd42bf0b
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb
      Size/MD5: 14828790 e3d54c2f7c767aebc1a063cc27af0811
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb
      Size/MD5: 14861886 6122cebafa9bff7fb91671970c556cfe
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb
      Size/MD5: 14684698 3f5b386a6e40f80516f9e59db20c6692

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb
      Size/MD5:   276196 fe47ff520d0d798cbaa81dcc2b1f6e86
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb
      Size/MD5:   270874 cbe52b86d908e1255272d175f9f651d1
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb
      Size/MD5:   274050 5a2535d1895d13f7adb5f919f07dcb8a
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb
      Size/MD5:   271178 faec7f6dca98fb4ddb29973f5171c64a
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb
      Size/MD5:   274106 f8a767051d9d65afb6743930b393245b
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_i386.deb
      Size/MD5:  3218786 f9647906a4382578efd19a510f2e9941
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb
      Size/MD5: 15495688 e7c081897718ab829beb87aa032e6f01
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb
      Size/MD5: 16344846 d47cd6269296488515904a9f4a644e78
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb
      Size/MD5: 16511876 c2a701f2502e20973578a5a0f863c41c
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb
      Size/MD5: 16446858 182c5641b7f9b3b4b2a4e78fb5a934d0
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb
      Size/MD5: 16573412 e3f3c2326e434cc5137ccd324fd269a5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb
      Size/MD5:   212200 e55327823c7403f3a51e232be3914a8d
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb
      Size/MD5:   212922 0ad9bd97d8ac7a6f8241da8df3d5fcc6
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb
      Size/MD5:   211924 06b25a4fe260d751a0e5be41889a0995
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb
      Size/MD5:   212686 fe70bb59a88058a20e8037fe534434a0
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb
      Size/MD5:   212592 59067dc10494c585f5d9020875fba9b2
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb
      Size/MD5:   214104 363a3e0b5f3921c8b7af2c1afddeab29
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_powerpc.deb
      Size/MD5:  3296108 aabb6a794c2a1af565627706373bc574
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb
      Size/MD5: 16366144 618e5fc502020f41e04e7bd892d8d275
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb
      Size/MD5: 15943176 0a5197aa75406791e30c5106e60e03ba
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb
      Size/MD5: 16353386 36091d4d463c74a680b6124dd63a46bc
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb
      Size/MD5: 15925318 96e7fa989818b59c8d567f014545901c
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb
      Size/MD5: 16288048 b50e240bf758725c9fdebd1c2dce903c
    
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb
      Size/MD5: 15975940 c7b20be7720832a8714101336f20db3c

Attachment: signature.asc
Description: Digital signature