USN-263-1: Linux kernel vulnerabilities

Releases

• Ubuntu 5.10
• Ubuntu 5.04
• Ubuntu 4.10

Details

A flaw was found in the module reference counting for loadable
protocol modules of netfilter. By performing particular socket
operations, a local attacker could exploit this to crash the kernel.
This flaw only affects Ubuntu 5.10. (CVE-2005-3359)

David Howells noticed a race condition in the add_key(), request_key()
and keyctl() functions. By modifying the length of string arguments
after the kernel determined their length, but before the kernel copied
them into kernel memory, a local attacker could either crash the
kernel or read random parts of kernel memory (which could potentially
contain sensitive data). (CVE-2006-0457)

An information disclosure vulnerability was discovered in the
ftruncate() function for the XFS file system. Under certain
conditions, this function could expose random unallocated blocks.
A local user could potentially exploit this to recover sensitive data
from previously deleted files. (CVE-2006-0554)

A local Denial of Service vulnerability was found in the NFS client
module. By opening a file on an NFS share with O_DIRECT and performing
some special operations on it, a local attacker could trigger a kernel
crash. (CVE-2006-0555)

The ELF binary loader did not sufficiently verify some addresses in
the ELF headers. By attempting to execute a specially crafted program,
a local attacker could exploit this to trigger a recursive loop of
kernel errors, which finally ended in a kernel crash. This only
affects the amd64 architecture on Intel processors (EMT64).
(CVE-2006-0741)

The die_if_kernel() function was incorrectly declared as "does never
return" on the ia64 platform. A local attacker could exploit this to
crash the kernel. Please note that ia64 is not an officially supported
platform. (CVE-2006-0742)

Oleg Nesterov discovered a race condition in the signal handling. On
multiprocessor (SMP) machines, a local attacker could exploit this to
create many unkillable processes, which could eventually lead to a
Denial of Service.

A memory leak was discovered in the handling of files which were
opened with the O_DIRECT flag. By repeatedly opening files in a
special way, a local attacker could eventually drain all available
kernel memory and render the machine unusable. This flaw only affects
Ubuntu 4.10.
(http://linux.bkbits.net:8080/linux-2.6/cset%404182a613oVsK0-8eCWpyYFrUf8rhLA)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10

• linux-patch-ubuntu-2.6.10 -
• linux-image-2.6.12-10-powerpc-smp -
• linux-patch-ubuntu-2.6.12 -
• linux-image-2.6.12-10-itanium-smp -
• linux-image-2.6.8.1-6-power3-smp -
• linux-image-2.6.8.1-6-amd64-k8-smp -
• linux-image-2.6.10-6-686 -
• linux-image-2.6.10-6-powerpc -
• linux-image-2.6.10-6-itanium -
• linux-image-2.6.10-6-power4-smp -
• linux-image-2.6.12-10-powerpc64-smp -
• linux-image-2.6.8.1-6-k7 -
• linux-image-2.6.8.1-6-powerpc -
• linux-image-2.6.12-10-amd64-generic -
• linux-image-2.6.12-10-iseries-smp -
• linux-image-2.6.12-10-k7-smp -
• linux-image-2.6.8.1-6-amd64-xeon -
• linux-image-2.6.12-10-amd64-xeon -
• linux-image-2.6.8.1-6-power4 -
• linux-image-2.6.8.1-6-amd64-k8 -
• linux-image-2.6.10-6-386 -
• linux-image-2.6.8.1-6-power3 -
• linux-image-2.6.12-10-itanium -
• linux-image-2.6.12-10-powerpc -
• linux-image-2.6.10-6-amd64-xeon -
• linux-image-2.6.12-10-mckinley -
• linux-image-2.6.10-6-itanium-smp -
• linux-image-2.6.10-6-powerpc-smp -
• linux-image-2.6.10-6-power4 -
• linux-image-2.6.8.1-6-power4-smp -
• linux-image-2.6.10-6-power3 -
• linux-image-2.6.8.1-6-386 -
• linux-image-2.6.8.1-6-powerpc-smp -
• linux-image-2.6.10-6-k7 -
• linux-image-2.6.12-10-amd64-k8-smp -
• linux-image-2.6.10-6-k7-smp -
• linux-image-2.6.12-10-686 -
• linux-image-2.6.10-6-mckinley -
• linux-image-2.6.12-10-686-smp -
• linux-image-2.6.10-6-686-smp -
• linux-image-2.6.8.1-6-amd64-generic -
• linux-image-2.6.10-6-power3-smp -
• linux-image-2.6.10-6-amd64-k8-smp -
• linux-image-2.6.12-10-k7 -
• linux-image-2.6.10-6-amd64-generic -
• linux-image-2.6.8.1-6-686 -
• linux-image-2.6.10-6-amd64-k8 -
• linux-image-2.6.12-10-mckinley-smp -
• linux-image-2.6.8.1-6-686-smp -
• linux-patch-debian-2.6.8.1 -
• linux-image-2.6.8.1-6-k7-smp -
• linux-image-2.6.12-10-386 -
• linux-image-2.6.10-6-mckinley-smp -
• linux-image-2.6.12-10-amd64-k8 -

Ubuntu 5.04

• linux-patch-ubuntu-2.6.10 -
• linux-image-2.6.12-10-powerpc-smp -
• linux-patch-ubuntu-2.6.12 -
• linux-image-2.6.12-10-itanium-smp -
• linux-image-2.6.8.1-6-power3-smp -
• linux-image-2.6.8.1-6-amd64-k8-smp -
• linux-image-2.6.10-6-686 -
• linux-image-2.6.10-6-powerpc -
• linux-image-2.6.10-6-itanium -
• linux-image-2.6.10-6-power4-smp -
• linux-image-2.6.12-10-powerpc64-smp -
• linux-image-2.6.8.1-6-k7 -
• linux-image-2.6.8.1-6-powerpc -
• linux-image-2.6.12-10-amd64-generic -
• linux-image-2.6.12-10-iseries-smp -
• linux-image-2.6.12-10-k7-smp -
• linux-image-2.6.8.1-6-amd64-xeon -
• linux-image-2.6.12-10-amd64-xeon -
• linux-image-2.6.8.1-6-power4 -
• linux-image-2.6.8.1-6-amd64-k8 -
• linux-image-2.6.10-6-386 -
• linux-image-2.6.8.1-6-power3 -
• linux-image-2.6.12-10-itanium -
• linux-image-2.6.12-10-powerpc -
• linux-image-2.6.10-6-amd64-xeon -
• linux-image-2.6.12-10-mckinley -
• linux-image-2.6.10-6-itanium-smp -
• linux-image-2.6.10-6-powerpc-smp -
• linux-image-2.6.10-6-power4 -
• linux-image-2.6.8.1-6-power4-smp -
• linux-image-2.6.10-6-power3 -
• linux-image-2.6.8.1-6-386 -
• linux-image-2.6.8.1-6-powerpc-smp -
• linux-image-2.6.10-6-k7 -
• linux-image-2.6.12-10-amd64-k8-smp -
• linux-image-2.6.10-6-k7-smp -
• linux-image-2.6.12-10-686 -
• linux-image-2.6.10-6-mckinley -
• linux-image-2.6.12-10-686-smp -
• linux-image-2.6.10-6-686-smp -
• linux-image-2.6.8.1-6-amd64-generic -
• linux-image-2.6.10-6-power3-smp -
• linux-image-2.6.10-6-amd64-k8-smp -
• linux-image-2.6.12-10-k7 -
• linux-image-2.6.10-6-amd64-generic -
• linux-image-2.6.8.1-6-686 -
• linux-image-2.6.10-6-amd64-k8 -
• linux-image-2.6.12-10-mckinley-smp -
• linux-image-2.6.8.1-6-686-smp -
• linux-patch-debian-2.6.8.1 -
• linux-image-2.6.8.1-6-k7-smp -
• linux-image-2.6.12-10-386 -
• linux-image-2.6.10-6-mckinley-smp -
• linux-image-2.6.12-10-amd64-k8 -

Ubuntu 4.10

• linux-patch-ubuntu-2.6.10 -
• linux-image-2.6.12-10-powerpc-smp -
• linux-patch-ubuntu-2.6.12 -
• linux-image-2.6.12-10-itanium-smp -
• linux-image-2.6.8.1-6-power3-smp -
• linux-image-2.6.8.1-6-amd64-k8-smp -
• linux-image-2.6.10-6-686 -
• linux-image-2.6.10-6-powerpc -
• linux-image-2.6.10-6-itanium -
• linux-image-2.6.10-6-power4-smp -
• linux-image-2.6.12-10-powerpc64-smp -
• linux-image-2.6.8.1-6-k7 -
• linux-image-2.6.8.1-6-powerpc -
• linux-image-2.6.12-10-amd64-generic -
• linux-image-2.6.12-10-iseries-smp -
• linux-image-2.6.12-10-k7-smp -
• linux-image-2.6.8.1-6-amd64-xeon -
• linux-image-2.6.12-10-amd64-xeon -
• linux-image-2.6.8.1-6-power4 -
• linux-image-2.6.8.1-6-amd64-k8 -
• linux-image-2.6.10-6-386 -
• linux-image-2.6.8.1-6-power3 -
• linux-image-2.6.12-10-itanium -
• linux-image-2.6.12-10-powerpc -
• linux-image-2.6.10-6-amd64-xeon -
• linux-image-2.6.12-10-mckinley -
• linux-image-2.6.10-6-itanium-smp -
• linux-image-2.6.10-6-powerpc-smp -
• linux-image-2.6.10-6-power4 -
• linux-image-2.6.8.1-6-power4-smp -
• linux-image-2.6.10-6-power3 -
• linux-image-2.6.8.1-6-386 -
• linux-image-2.6.8.1-6-powerpc-smp -
• linux-image-2.6.10-6-k7 -
• linux-image-2.6.12-10-amd64-k8-smp -
• linux-image-2.6.10-6-k7-smp -
• linux-image-2.6.12-10-686 -
• linux-image-2.6.10-6-mckinley -
• linux-image-2.6.12-10-686-smp -
• linux-image-2.6.10-6-686-smp -
• linux-image-2.6.8.1-6-amd64-generic -
• linux-image-2.6.10-6-power3-smp -
• linux-image-2.6.10-6-amd64-k8-smp -
• linux-image-2.6.12-10-k7 -
• linux-image-2.6.10-6-amd64-generic -
• linux-image-2.6.8.1-6-686 -
• linux-image-2.6.10-6-amd64-k8 -
• linux-image-2.6.12-10-mckinley-smp -
• linux-image-2.6.8.1-6-686-smp -
• linux-patch-debian-2.6.8.1 -
• linux-image-2.6.8.1-6-k7-smp -
• linux-image-2.6.12-10-386 -
• linux-image-2.6.10-6-mckinley-smp -
• linux-image-2.6.12-10-amd64-k8 -

In general, a standard system update will make all the necessary changes.

References

• CVE-2006-0742
• CVE-2006-0554
• CVE-2006-0555
• CVE-2006-0741
• CVE-2006-0457
• CVE-2005-3359