USN-914-1: Linux kernel vulnerabilities

Releases

• Ubuntu 9.10
• Ubuntu 9.04
• Ubuntu 8.10
• Ubuntu 8.04
• Ubuntu 6.06

Packages

• linux -
• linux-ec2 -
• linux-fsl-imx51 -
• linux-mvl-dove -
• linux-source-2.6.15 -

Details

Mathias Krause discovered that the Linux kernel did not correctly handle
missing ELF interpreters. A local attacker could exploit this to cause the
system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization
did not correctly handle reading the /dev/port special device. A local
attacker in a guest operating system could issue a specific read that
would cause the host system to crash, leading to a denial of service.
(CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly
handle netlink connector messages. A local attacker could exploit this
to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly
validate certain memory migration calls. A local attacker could exploit
this to read arbitrary kernel memory or cause a system crash, leading
to a denial of service. (CVE-2010-0415)

Jermome Marchand and Mikael Pettersson discovered that the Linux kernel
did not correctly handle certain futex operations. A local attacker could
exploit this to cause a system crash, leading to a denial of service.
(CVE-2010-0622, CVE-2010-0623)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10

• linux-image-2.6.31-305-ec2 - 2.6.31-305.13
• linux-image-2.6.31-20-lpia - 2.6.31-20.58
• linux-image-2.6.31-20-powerpc64-smp - 2.6.31-20.58
• linux-image-2.6.31-20-386 - 2.6.31-20.58
• linux-image-2.6.31-20-sparc64-smp - 2.6.31-20.58
• linux-image-2.6.31-20-powerpc-smp - 2.6.31-20.58
• linux-image-2.6.31-20-powerpc - 2.6.31-20.58
• linux-image-2.6.31-20-sparc64 - 2.6.31-20.58
• linux-image-2.6.31-20-generic-pae - 2.6.31-20.58
• linux-image-2.6.31-20-virtual - 2.6.31-20.58
• linux-image-2.6.31-20-server - 2.6.31-20.58
• linux-image-2.6.31-109-imx51 - 2.6.31-109.25
• linux-image-2.6.31-212-dove - 2.6.31-212.26
• linux-image-2.6.31-20-ia64 - 2.6.31-20.58
• linux-image-2.6.31-212-dove-z0 - 2.6.31-212.26
• linux-image-2.6.31-20-generic - 2.6.31-20.58

Ubuntu 9.04

• linux-image-2.6.28-18-generic - 2.6.28-18.60
• linux-image-2.6.28-18-server - 2.6.28-18.60
• linux-image-2.6.28-18-iop32x - 2.6.28-18.60
• linux-image-2.6.28-18-ixp4xx - 2.6.28-18.60
• linux-image-2.6.28-18-lpia - 2.6.28-18.60
• linux-image-2.6.28-18-virtual - 2.6.28-18.60
• linux-image-2.6.28-18-imx51 - 2.6.28-18.60
• linux-image-2.6.28-18-versatile - 2.6.28-18.60

Ubuntu 8.10

• linux-image-2.6.27-17-generic - 2.6.27-17.46
• linux-image-2.6.27-17-virtual - 2.6.27-17.46
• linux-image-2.6.27-17-server - 2.6.27-17.46

Ubuntu 8.04

• linux-image-2.6.24-27-itanium - 2.6.24-27.68
• linux-image-2.6.24-27-sparc64 - 2.6.24-27.68
• linux-image-2.6.24-27-lpia - 2.6.24-27.68
• linux-image-2.6.24-27-hppa32 - 2.6.24-27.68
• linux-image-2.6.24-27-powerpc - 2.6.24-27.68
• linux-image-2.6.24-27-lpiacompat - 2.6.24-27.68
• linux-image-2.6.24-27-powerpc-smp - 2.6.24-27.68
• linux-image-2.6.24-27-386 - 2.6.24-27.68
• linux-image-2.6.24-27-mckinley - 2.6.24-27.68
• linux-image-2.6.24-27-sparc64-smp - 2.6.24-27.68
• linux-image-2.6.24-27-xen - 2.6.24-27.68
• linux-image-2.6.24-27-generic - 2.6.24-27.68
• linux-image-2.6.24-27-virtual - 2.6.24-27.68
• linux-image-2.6.24-27-server - 2.6.24-27.68
• linux-image-2.6.24-27-rt - 2.6.24-27.68
• linux-image-2.6.24-27-openvz - 2.6.24-27.68
• linux-image-2.6.24-27-powerpc64-smp - 2.6.24-27.68
• linux-image-2.6.24-27-hppa64 - 2.6.24-27.68

Ubuntu 6.06

• linux-image-2.6.15-55-hppa64 - 2.6.15-55.83
• linux-image-2.6.15-55-mckinley - 2.6.15-55.83
• linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.83
• linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.83
• linux-image-2.6.15-55-686 - 2.6.15-55.83
• linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.83
• linux-image-2.6.15-55-amd64-server - 2.6.15-55.83
• linux-image-2.6.15-55-386 - 2.6.15-55.83
• linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.83
• linux-image-2.6.15-55-k7 - 2.6.15-55.83
• linux-image-2.6.15-55-sparc64 - 2.6.15-55.83
• linux-image-2.6.15-55-server - 2.6.15-55.83
• linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.83
• linux-image-2.6.15-55-hppa32 - 2.6.15-55.83
• linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.83
• linux-image-2.6.15-55-server-bigiron - 2.6.15-55.83
• linux-image-2.6.15-55-itanium-smp - 2.6.15-55.83
• linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.83
• linux-image-2.6.15-55-powerpc - 2.6.15-55.83
• linux-image-2.6.15-55-amd64-generic - 2.6.15-55.83
• linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.83
• linux-image-2.6.15-55-itanium - 2.6.15-55.83

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

• CVE-2010-0307
• CVE-2010-0309
• CVE-2010-0410
• CVE-2010-0415
• CVE-2010-0622
• CVE-2010-0623