Movatterモバイル変換

[0]ホーム
URL:

Home page logo
bugtraq logo

Bugtraqmailing list archives

PreviousBy DateNext
PreviousBy ThreadNext

[USN-60-0] Linux kernel vulnerabilities

From: Martin Pitt <martin.pitt () canonical com>
Date: Fri, 14 Jan 2005 15:30:14 +0100
===========================================================Ubuntu Security Notice USN-60-0            January 14, 2005linux-source-2.6.8.1 vulnerabilitiesCAN-2005-0001http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html===========================================================A security issue affects the following Ubuntu releases:Ubuntu 4.10 (Warty Warthog)The following packages are affected:linux-image-2.6.8.1-4-386linux-image-2.6.8.1-4-686linux-image-2.6.8.1-4-686-smplinux-image-2.6.8.1-4-amd64-genericlinux-image-2.6.8.1-4-amd64-k8linux-image-2.6.8.1-4-amd64-k8-smplinux-image-2.6.8.1-4-amd64-xeonlinux-image-2.6.8.1-4-k7linux-image-2.6.8.1-4-k7-smplinux-image-2.6.8.1-4-power3linux-image-2.6.8.1-4-power3-smplinux-image-2.6.8.1-4-power4linux-image-2.6.8.1-4-power4-smplinux-image-2.6.8.1-4-powerpclinux-image-2.6.8.1-4-powerpc-smplinux-patch-debian-2.6.8.1The problem can be corrected by upgrading the affected package toversion 2.6.8.1-16.10.  In general, a standard system upgrade issufficient to effect the necessary changes.Details follow:CAN-2005-0001:  Paul Starzetz discovered a race condition in the Linux page fault  handler code. This allowed an unprivileged user to gain root  privileges on multiprocessor machines under some circumstances.  This also affects the Hyper-Threading mode on Pentium 4 processors.http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html:  Brad Spengler discovered that some device drivers used  copy_from_user() (a function to copy data from userspace tools into  kernel memory) with insufficient input validation. This potentially  allowed users and/or malicious hardware to overwrite kernel memory  which could result in a crash (Denial of Service) or even root  privilege escalation.Additionally, this update corrects the SMB file system driver.USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883,CAN-2004-0949). However, it was found that these new validation checkswere too strict, which cause some valid operations to fail.  Source archives:http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.diff.gz      Size/MD5:  3124783 7baba6f520b34239295eec86ceeadb57http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10.dsc      Size/MD5:     2121 78646f13bd7c123b1e1e1aee212a19b0http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz      Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84  Architecture independent packages:http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.10_all.deb      Size/MD5:  6157246 2557a8f542a6e9ccc5bbbe537a09f24dhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.10_all.deb      Size/MD5:  1480818 7095633ace504dd73613917c5e4d821bhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.10_all.deb      Size/MD5: 36717852 f5e6d31457d3d01b36d9c3d097a245bfhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.10_all.deb      Size/MD5:   307276 785cc9563aeb987ac56d04c5860c4583  amd64 architecture (Athlon64, Opteron, EM64T Xeon)http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb      Size/MD5:   247434 6588a9beca0665c21bce6e0c35ef5eefhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb      Size/MD5:   242972 ef0192b74166eda7c85faae0f961a2cbhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb      Size/MD5:   246506 fa75cfaa15ba3ff9c5b11f4945a4c5echttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb      Size/MD5:   241342 decfc1908a591a25b4e9e1be8f0e3649http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_amd64.deb      Size/MD5:  3178078 1251cdcd9878ff7bdce13488ad574d8fhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-generic_2.6.8.1-16.10_amd64.deb      Size/MD5: 14353334 8d4512da15329f410b45c67cbd42bf0bhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.10_amd64.deb      Size/MD5: 14828790 e3d54c2f7c767aebc1a063cc27af0811http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8_2.6.8.1-16.10_amd64.deb      Size/MD5: 14861886 6122cebafa9bff7fb91671970c556cfehttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-xeon_2.6.8.1-16.10_amd64.deb      Size/MD5: 14684698 3f5b386a6e40f80516f9e59db20c6692  i386 architecture (x86 compatible Intel/AMD)http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb      Size/MD5:   276196 fe47ff520d0d798cbaa81dcc2b1f6e86http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb      Size/MD5:   270874 cbe52b86d908e1255272d175f9f651d1http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb      Size/MD5:   274050 5a2535d1895d13f7adb5f919f07dcb8ahttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb      Size/MD5:   271178 faec7f6dca98fb4ddb29973f5171c64ahttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb      Size/MD5:   274106 f8a767051d9d65afb6743930b393245bhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_i386.deb      Size/MD5:  3218786 f9647906a4382578efd19a510f2e9941http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-386_2.6.8.1-16.10_i386.deb      Size/MD5: 15495688 e7c081897718ab829beb87aa032e6f01http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686-smp_2.6.8.1-16.10_i386.deb      Size/MD5: 16344846 d47cd6269296488515904a9f4a644e78http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686_2.6.8.1-16.10_i386.deb      Size/MD5: 16511876 c2a701f2502e20973578a5a0f863c41chttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7-smp_2.6.8.1-16.10_i386.deb      Size/MD5: 16446858 182c5641b7f9b3b4b2a4e78fb5a934d0http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7_2.6.8.1-16.10_i386.deb      Size/MD5: 16573412 e3f3c2326e434cc5137ccd324fd269a5  powerpc architecture (Apple Macintosh G3/G4/G5)http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb      Size/MD5:   212200 e55327823c7403f3a51e232be3914a8dhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb      Size/MD5:   212922 0ad9bd97d8ac7a6f8241da8df3d5fcc6http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb      Size/MD5:   211924 06b25a4fe260d751a0e5be41889a0995http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb      Size/MD5:   212686 fe70bb59a88058a20e8037fe534434a0http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb      Size/MD5:   212592 59067dc10494c585f5d9020875fba9b2http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb      Size/MD5:   214104 363a3e0b5f3921c8b7af2c1afddeab29http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.10_powerpc.deb      Size/MD5:  3296108 aabb6a794c2a1af565627706373bc574http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3-smp_2.6.8.1-16.10_powerpc.deb      Size/MD5: 16366144 618e5fc502020f41e04e7bd892d8d275http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3_2.6.8.1-16.10_powerpc.deb      Size/MD5: 15943176 0a5197aa75406791e30c5106e60e03bahttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4-smp_2.6.8.1-16.10_powerpc.deb      Size/MD5: 16353386 36091d4d463c74a680b6124dd63a46bchttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4_2.6.8.1-16.10_powerpc.deb      Size/MD5: 15925318 96e7fa989818b59c8d567f014545901chttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc-smp_2.6.8.1-16.10_powerpc.deb      Size/MD5: 16288048 b50e240bf758725c9fdebd1c2dce903chttp://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc_2.6.8.1-16.10_powerpc.deb      Size/MD5: 15975940 c7b20be7720832a8714101336f20db3c

Attachment:signature.asc
Description: Digital signature

PreviousBy DateNext
PreviousBy ThreadNext

Current thread:

[8]ページ先頭
©2009-2026 Movatter.jp