=========================================================== Ubuntu Security Notice USN-60-0 January 14, 2005 linux-source-2.6.8.1 vulnerabilities CAN-2005-0001 http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: linux-image-2.6.8.1-4-386 linux-image-2.6.8.1-4-686 linux-image-2.6.8.1-4-686-smp linux-image-2.6.8.1-4-amd64-generic linux-image-2.6.8.1-4-amd64-k8 linux-image-2.6.8.1-4-amd64-k8-smp linux-image-2.6.8.1-4-amd64-xeon linux-image-2.6.8.1-4-k7 linux-image-2.6.8.1-4-k7-smp linux-image-2.6.8.1-4-power3 linux-image-2.6.8.1-4-power3-smp linux-image-2.6.8.1-4-power4 linux-image-2.6.8.1-4-power4-smp linux-image-2.6.8.1-4-powerpc linux-image-2.6.8.1-4-powerpc-smp linux-patch-debian-2.6.8.1 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.10. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: CAN-2005-0001: Paul Starzetz discovered a race condition in the Linux page fault handler code. This allowed an unprivileged user to gain root privileges on multiprocessor machines under some circumstances. This also affects the Hyper-Threading mode on Pentium 4 processors. http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html: Brad Spengler discovered that some device drivers used copy_from_user() (a function to copy data from userspace tools into kernel memory) with insufficient input validation. This potentially allowed users and/or malicious hardware to overwrite kernel memory which could result in a crash (Denial of Service) or even root privilege escalation. Additionally, this update corrects the SMB file system driver. USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883, CAN-2004-0949). However, it was found that these new validation checks were too strict, which cause some valid operations to fail. Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.diff.gz Size/MD5: 3124783 7baba6f520b34239295eec86ceeadb57 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.dsc Size/MD5: 2121 78646f13bd7c123b1e1e1aee212a19b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.10_all.deb Size/MD5: 6157246 2557a8f542a6e9ccc5bbbe537a09f24d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.10_all.deb Size/MD5: 1480818 7095633ace504dd73613917c5e4d821b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10_all.deb Size/MD5: 36717852 f5e6d31457d3d01b36d9c3d097a245bf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.10_all.deb Size/MD5: 307276 785cc9563aeb987ac56d04c5860c4583 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb Size/MD5: 247434 6588a9beca0665c21bce6e0c35ef5eef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb Size/MD5: 242972 ef0192b74166eda7c85faae0f961a2cb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb Size/MD5: 246506 fa75cfaa15ba3ff9c5b11f4945a4c5ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb Size/MD5: 241342 decfc1908a591a25b4e9e1be8f0e3649 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_amd64.deb Size/MD5: 3178078 1251cdcd9878ff7bdce13488ad574d8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb Size/MD5: 14353334 8d4512da15329f410b45c67cbd42bf0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb Size/MD5: 14828790 e3d54c2f7c767aebc1a063cc27af0811 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb Size/MD5: 14861886 6122cebafa9bff7fb91671970c556cfe http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb Size/MD5: 14684698 3f5b386a6e40f80516f9e59db20c6692 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb Size/MD5: 276196 fe47ff520d0d798cbaa81dcc2b1f6e86 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb Size/MD5: 270874 cbe52b86d908e1255272d175f9f651d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb Size/MD5: 274050 5a2535d1895d13f7adb5f919f07dcb8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb Size/MD5: 271178 faec7f6dca98fb4ddb29973f5171c64a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb Size/MD5: 274106 f8a767051d9d65afb6743930b393245b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_i386.deb Size/MD5: 3218786 f9647906a4382578efd19a510f2e9941 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb Size/MD5: 15495688 e7c081897718ab829beb87aa032e6f01 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb Size/MD5: 16344846 d47cd6269296488515904a9f4a644e78 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb Size/MD5: 16511876 c2a701f2502e20973578a5a0f863c41c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb Size/MD5: 16446858 182c5641b7f9b3b4b2a4e78fb5a934d0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb Size/MD5: 16573412 e3f3c2326e434cc5137ccd324fd269a5 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb Size/MD5: 212200 e55327823c7403f3a51e232be3914a8d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb Size/MD5: 212922 0ad9bd97d8ac7a6f8241da8df3d5fcc6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb Size/MD5: 211924 06b25a4fe260d751a0e5be41889a0995 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb Size/MD5: 212686 fe70bb59a88058a20e8037fe534434a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb Size/MD5: 212592 59067dc10494c585f5d9020875fba9b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb Size/MD5: 214104 363a3e0b5f3921c8b7af2c1afddeab29 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_powerpc.deb Size/MD5: 3296108 aabb6a794c2a1af565627706373bc574 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb Size/MD5: 16366144 618e5fc502020f41e04e7bd892d8d275 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb Size/MD5: 15943176 0a5197aa75406791e30c5106e60e03ba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb Size/MD5: 16353386 36091d4d463c74a680b6124dd63a46bc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb Size/MD5: 15925318 96e7fa989818b59c8d567f014545901c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb Size/MD5: 16288048 b50e240bf758725c9fdebd1c2dce903c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb Size/MD5: 15975940 c7b20be7720832a8714101336f20db3c
Attachment:
signature.asc
Description: Digital signature