USN-47-1: Linux kernel vulnerabilities
Posted on: 12/23/2004 05:16 AM

An updated kernel package has been released for Ubuntu Linux 4.10.

==========================================================
Ubuntu Security Notice USN-47-1 December 23, 2004
linux-source-2.6.8.1 vulnerabilities
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030011.html
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.5. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.

Details follow:

Georgi Guninski discovered two Denial of Service vulnerabilities in the Linux kernel.

An integer overflow in the vc_resize() function caused the memory allocation for the new screen to be too short, resulting in a buffer overflow and a kernel crash.

There was also a memory leak in the ip_options_get() function. Calling ip_cmsg_send() very often would gradually exhaust memory.

Note: The original advisory (see URL above) also mentions an "ip_options_get integer overflow". This was already fixed in USN-38-1 (known as CAN-2004-1016).
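
The class of bug described for vc_resize(), as an added example that is not taken from the advisory, the kernel source or the Ubuntu patch: a simplified model in which the screen buffer size is columns x rows x bytes per cell, computed in 32 bits, shown beside a range-checked version. The function names, the 2-byte cell size and the MAX_COLS/MAX_ROWS limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this sketch: one text cell is 2 bytes (character plus
 * attribute); the limits below are illustrative, not the patch's values. */
#define CELL_BYTES 2u
#define MAX_COLS   1024u   /* hypothetical upper bound */
#define MAX_ROWS   1024u   /* hypothetical upper bound */

/* Unchecked form: the product is computed in 32 bits and silently wraps,
 * so the size handed to the allocator can be far smaller than needed. */
uint32_t screen_bytes_unchecked(uint32_t cols, uint32_t rows)
{
    return cols * CELL_BYTES * rows;
}

/* Checked form: returns 0 and stores the size on success, -1 when the
 * dimensions are out of range or the product does not fit in 32 bits. */
int screen_bytes_checked(uint32_t cols, uint32_t rows, uint32_t *out)
{
    if (cols == 0 || rows == 0 || cols > MAX_COLS || rows > MAX_ROWS)
        return -1;
    uint64_t wide = (uint64_t)cols * CELL_BYTES * (uint64_t)rows;
    if (wide > UINT32_MAX)
        return -1;
    *out = (uint32_t)wide;
    return 0;
}

/* Returns 1 when the wrapped 32-bit size is smaller than the number of
 * bytes a copy loop over cols x rows cells would actually touch. */
int allocation_too_short(uint32_t cols, uint32_t rows)
{
    uint64_t needed = (uint64_t)cols * CELL_BYTES * (uint64_t)rows;
    return (uint64_t)screen_bytes_unchecked(cols, rows) < needed;
}

int main(void)
{
    uint32_t size = 0;
    /* Constructed inputs: an ordinary 80x25 console and an oversized request. */
    printf("80x25 checked rc=%d size=%u\n",
           screen_bytes_checked(80, 25, &size), (unsigned)size);
    printf("oversized: unchecked=%u too_short=%d checked rc=%d\n",
           (unsigned)screen_bytes_unchecked(0x8000u, 0x10000u),
           allocation_too_short(0x8000u, 0x10000u),
           screen_bytes_checked(0x8000u, 0x10000u, &size));
    return 0;
}
```

Rejecting out-of-range dimensions before the multiplication is what keeps the allocation size and the later copy length in agreement.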

