
[USN-47-1] Linux kernel vulnerabilities: msg#00011

linux.ubuntu.security.announce

Subject: [USN-47-1] Linux kernel vulnerabilities

===========================================================
Ubuntu Security Notice USN-47-1 December 23, 2004
linux-source-2.6.8.1 vulnerabilities
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030011.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.5. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.

Details follow:

Georgi Guninski discovered two Denial of Service vulnerabilities in
the Linux kernel.

An integer overflow in the vc_resize() function caused the memory
allocation for the new screen to be too short, leading to a buffer
overflow and a kernel crash.

There was also a memory leak in the ip_options_get() function. Calling
ip_cmsg_send() very often would gradually exhaust memory.

Note: The original advisory (see URL above) also mentions a
"ip_options_get integer overflow". This was already fixed in USN-38-1
(known as CAN-2004-1016).
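
The vc_resize() issue described above belongs to the class of wrapped size calculations: a product of dimensions overflows, the allocation comes out too small, and later writes run past it. The following C example is added here for illustration and is not the kernel's code or its fix; the function names, the 2-byte cell size and the 32-bit dimension types are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CELL_BYTES 2u /* assumed: character byte + attribute byte per cell */

/* Unchecked: the 32-bit product silently wraps modulo 2^32. */
static uint32_t screen_bytes_unchecked(uint32_t cols, uint32_t rows)
{
    return cols * rows * CELL_BYTES;
}

/* Checked: stores the size and returns 0, or returns -1 if the
 * dimensions are zero or the byte count would not fit in 32 bits. */
static int screen_bytes_checked(uint32_t cols, uint32_t rows, uint32_t *out)
{
    if (cols == 0 || rows == 0)
        return -1;
    if (cols > UINT32_MAX / CELL_BYTES / rows)
        return -1;
    *out = cols * rows * CELL_BYTES;
    return 0;
}

/* Allocate a zeroed screen buffer only when the size is trustworthy. */
static void *screen_alloc(uint32_t cols, uint32_t rows)
{
    uint32_t n;
    if (screen_bytes_checked(cols, rows, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions: 65536 x 32769 cells needs 2^32 + 2^17 bytes. */
    uint32_t cols = 65536, rows = 32769;
    void *buf = screen_alloc(cols, rows);
    printf("unchecked size: %u bytes\n", (unsigned)screen_bytes_unchecked(cols, rows));
    printf("checked alloc:  %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```

With the constructed dimensions the unchecked calculation yields 131072 bytes for a screen that needs more than 4 GiB, which is the "too short" allocation the notice refers to; the checked path rejects the request before any memory is allocated.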

