USN-714-1: Linux kernel vulnerabilities

Releases

• Ubuntu 8.04
• Ubuntu 7.10
• Ubuntu 6.06

Packages

• linux -
• linux-source-2.6.15 -
• linux-source-2.6.22 -

Details

Hugo Dias discovered that the ATM subsystem did not correctly manage socket
counts. A local attacker could exploit this to cause a system hang, leading
to a denial of service. (CVE-2008-5079)

It was discovered that the libertas wireless driver did not correctly
handle beacon and probe responses. A physically near-by attacker could
generate specially crafted wireless network traffic and cause a denial of
service. Ubuntu 6.06 was not affected. (CVE-2008-5134)

It was discovered that the inotify subsystem contained watch removal race
conditions. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2008-5182)

Dann Frazier discovered that in certain situations sendmsg did not
correctly release allocated memory. A local attacker could exploit this to
force the system to run out of free memory, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2008-5300)

It was discovered that the ATA subsystem did not correctly set timeouts. A
local attacker could exploit this to cause a system hang, leading to a
denial of service. (CVE-2008-5700)

It was discovered that the ib700 watchdog timer did not correctly check
buffer sizes. A local attacker could send a specially crafted ioctl to the
device to cause a system crash, leading to a denial of service.
(CVE-2008-5702)

It was discovered that in certain situations the network scheduler did not
correctly handle very large levels of traffic. A local attacker could
produce a high volume of UDP traffic resulting in a system hang, leading to
a denial of service. Ubuntu 8.04 was not affected. (CVE-2008-5713)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04

• linux-image-2.6.24-23-virtual - 2.6.24-23.48
• linux-image-2.6.24-23-server - 2.6.24-23.48
• linux-image-2.6.24-23-mckinley - 2.6.24-23.48
• linux-image-2.6.24-23-sparc64-smp - 2.6.24-23.48
• linux-image-2.6.24-23-xen - 2.6.24-23.48
• linux-image-2.6.24-23-powerpc-smp - 2.6.24-23.48
• linux-image-2.6.24-23-lpiacompat - 2.6.24-23.48
• linux-image-2.6.24-23-sparc64 - 2.6.24-23.48
• linux-image-2.6.24-23-rt - 2.6.24-23.48
• linux-image-2.6.24-23-openvz - 2.6.24-23.48
• linux-image-2.6.24-23-lpia - 2.6.24-23.48
• linux-image-2.6.24-23-hppa64 - 2.6.24-23.48
• linux-image-2.6.24-23-386 - 2.6.24-23.48
• linux-image-2.6.24-23-powerpc - 2.6.24-23.48
• linux-image-2.6.24-23-powerpc64-smp - 2.6.24-23.48
• linux-image-2.6.24-23-itanium - 2.6.24-23.48
• linux-image-2.6.24-23-hppa32 - 2.6.24-23.48
• linux-image-2.6.24-23-generic - 2.6.24-23.48

Ubuntu 7.10

• linux-image-2.6.22-16-mckinley - 2.6.22-16.61
• linux-image-2.6.22-16-powerpc64-smp - 2.6.22-16.61
• linux-image-2.6.22-16-virtual - 2.6.22-16.61
• linux-image-2.6.22-16-cell - 2.6.22-16.61
• linux-image-2.6.22-16-hppa64 - 2.6.22-16.61
• linux-image-2.6.22-16-sparc64-smp - 2.6.22-16.61
• linux-image-2.6.22-16-generic - 2.6.22-16.61
• linux-image-2.6.22-16-lpia - 2.6.22-16.61
• linux-image-2.6.22-16-powerpc-smp - 2.6.22-16.61
• linux-image-2.6.22-16-386 - 2.6.22-16.61
• linux-image-2.6.22-16-hppa32 - 2.6.22-16.61
• linux-image-2.6.22-16-rt - 2.6.22-16.61
• linux-image-2.6.22-16-xen - 2.6.22-16.61
• linux-image-2.6.22-16-powerpc - 2.6.22-16.61
• linux-image-2.6.22-16-itanium - 2.6.22-16.61
• linux-image-2.6.22-16-lpiacompat - 2.6.22-16.61
• linux-image-2.6.22-16-ume - 2.6.22-16.61
• linux-image-2.6.22-16-sparc64 - 2.6.22-16.61
• linux-image-2.6.22-16-server - 2.6.22-16.61

Ubuntu 6.06

• linux-image-2.6.15-53-powerpc64-smp - 2.6.15-53.75
• linux-image-2.6.15-53-powerpc - 2.6.15-53.75
• linux-image-2.6.15-53-amd64-xeon - 2.6.15-53.75
• linux-image-2.6.15-53-386 - 2.6.15-53.75
• linux-image-2.6.15-53-amd64-generic - 2.6.15-53.75
• linux-image-2.6.15-53-686 - 2.6.15-53.75
• linux-image-2.6.15-53-hppa64 - 2.6.15-53.75
• linux-image-2.6.15-53-sparc64 - 2.6.15-53.75
• linux-image-2.6.15-53-amd64-server - 2.6.15-53.75
• linux-image-2.6.15-53-amd64-k8 - 2.6.15-53.75
• linux-image-2.6.15-53-hppa64-smp - 2.6.15-53.75
• linux-image-2.6.15-53-sparc64-smp - 2.6.15-53.75
• linux-image-2.6.15-53-itanium-smp - 2.6.15-53.75
• linux-image-2.6.15-53-hppa32 - 2.6.15-53.75
• linux-image-2.6.15-53-hppa32-smp - 2.6.15-53.75
• linux-image-2.6.15-53-mckinley - 2.6.15-53.75
• linux-image-2.6.15-53-powerpc-smp - 2.6.15-53.75
• linux-image-2.6.15-53-server-bigiron - 2.6.15-53.75
• linux-image-2.6.15-53-mckinley-smp - 2.6.15-53.75
• linux-image-2.6.15-53-server - 2.6.15-53.75
• linux-image-2.6.15-53-itanium - 2.6.15-53.75
• linux-image-2.6.15-53-k7 - 2.6.15-53.75

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

• CVE-2008-5134
• CVE-2008-5713
• CVE-2008-5079
• CVE-2008-5182
• CVE-2008-5300
• CVE-2008-5700
• CVE-2008-5702

Related notices

• USN-715-1: linux, linux-image-2.6.27-11-generic, linux-image-2.6.27-11-virtual, linux-image-2.6.27-11-server