--===============7225624046487291487== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline
--IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-1111-1 May 05, 2011
linux-source-2.6.15 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
Summary:
Multiple flaws fixed in the Linux kernel.
Software Description: - linux-source-2.6.15: Linux kernel
Details:
Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4164)
Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. A local attacker could exploit this to allocate all available kernel memory, leading to a denial of service. (CVE-2010-4249)
Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges. (CVE-2010-4258)
Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342)
Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this crash the system or gain root privileges. (CVE-2010-4527)
Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-0521)
Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695)
Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 6.06 LTS: linux-image-2.6.15-57-386 2.6.15-57.97 linux-image-2.6.15-57-686 2.6.15-57.97 linux-image-2.6.15-57-amd64-generic 2.6.15-57.97 linux-image-2.6.15-57-amd64-k8 2.6.15-57.97 linux-image-2.6.15-57-amd64-server 2.6.15-57.97 linux-image-2.6.15-57-amd64-xeon 2.6.15-57.97 linux-image-2.6.15-57-hppa32 2.6.15-57.97 linux-image-2.6.15-57-hppa32-smp 2.6.15-57.97 linux-image-2.6.15-57-hppa64 2.6.15-57.97 linux-image-2.6.15-57-hppa64-smp 2.6.15-57.97 linux-image-2.6.15-57-itanium 2.6.15-57.97 linux-image-2.6.15-57-itanium-smp 2.6.15-57.97 linux-image-2.6.15-57-k7 2.6.15-57.97 linux-image-2.6.15-57-mckinley 2.6.15-57.97 linux-image-2.6.15-57-mckinley-smp 2.6.15-57.97 linux-image-2.6.15-57-powerpc 2.6.15-57.97 linux-image-2.6.15-57-powerpc-smp 2.6.15-57.97 linux-image-2.6.15-57-powerpc64-smp 2.6.15-57.97 linux-image-2.6.15-57-server 2.6.15-57.97 linux-image-2.6.15-57-server-bigiron 2.6.15-57.97 linux-image-2.6.15-57-sparc64 2.6.15-57.97 linux-image-2.6.15-57-sparc64-smp 2.6.15-57.97
After a standard system update you need to reboot your computer to make all the necessary changes.
References: CVE-2010-4164, CVE-2010-4249, CVE-2010-4258, CVE-2010-4342, CVE-2010-4527, CVE-2010-4529, CVE-2011-0521, CVE-2011-0695, CVE-2011-1017
Package Information: https://launchpad.net/ubuntu/+source/linux-source-2.6.15/2.6.15-57.97
--IS0zKkzwUGydFO0o Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Kees Cook <kees@outflux.net>
iQIcBAEBCgAGBQJNwxPhAAoJEIly9N/cbcAmkccQAJK3bKkyzgLeqT4w3HhRRbSp 0C0ljThS0e6Ut6pYmqoOuMkpdYpo39HhE0K1fc351Nr0fWUK4jBakyyqpVhWkW7D UW2zhUwvfYkSxfC3fXceGtgPqMvwzRJTJSI3RcxfbL9jPfHDFEP1VotJqZ5CYxnb NGCRkWesXAAQ6E77N/i0XauuBX2VNKiCByuLekt8avzNulpYFux8K+u/DhUTQ+Jm 1vm2J3S8gLbMx5vIBGy42mIq/V5KMhQMHPbHmojpo607g62qOL8UaNoxAlG2jOeq NW1CrQ9ul+xZ2CVha3C/wOn5MC3iA9vu5UjvnPMatEkr5JQeOeu2SbGcMK3FNhXg J/IdJKlIr0/iepodJf6cdL7e8QaRVHmp6wipSJrzUrz/85eT9waOVQiSaaQguS7P 2SWxftHsfI40JL4FlwUWwP6PHBNNpqbpa5FJvA0nVHKRbHCc54tUXP3QOVTgY99L ssxWiQcqoTEFrLwQIhhTFSySw2KGjiUviimjkdzFXAWa+jg1n/t0P6+DRVoIDZpN +XzB+PRQU92cmxZxhARvkbiKHI/4dCnjC1CqaBJn+obR3Tz9uKRe8KRva2I3ogQX SlKRaK8t4BBJOA6eouIMQ71iHVAZ3Sfn3V4rvcqXFIrMBj6IRmqW8uhFgdbi7DSb IwlWINfhxQDHUnV+NTAA =nSFr -----END PGP SIGNATURE-----
--IS0zKkzwUGydFO0o--
--===============7225624046487291487== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7225624046487291487==--
|