Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 8.04 LTS: USN-1133-1 Critical Kernel Flaw Denial Of Service

Calendar May 24, 2011 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical advisory kernel flaw ubuntu crash issue local attacker
Multiple flaws in the Linux kernel. 
=========================================================================Ubuntu Security Notice USN-1133-1
May 24, 2011

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Multiple flaws in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)

Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges. (CVE-2010-4527)

Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)

Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)

Dan Rosenberg discovered that XFS did not correctly initialize memory. A
local attacker could make crafted ioctl calls to leak portions of kernel
stack memory, leading to a loss of privacy. (CVE-2011-0711)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
  linux-image-2.6.24-29-386       2.6.24-29.89
  linux-image-2.6.24-29-generic   2.6.24-29.89
  linux-image-2.6.24-29-hppa32    2.6.24-29.89
  linux-image-2.6.24-29-hppa64    2.6.24-29.89
  linux-image-2.6.24-29-itanium   2.6.24-29.89
  linux-image-2.6.24-29-lpia      2.6.24-29.89
  linux-image-2.6.24-29-lpiacompat  2.6.24-29.89
  linux-image-2.6.24-29-mckinley  2.6.24-29.89
  linux-image-2.6.24-29-openvz    2.6.24-29.89
  linux-image-2.6.24-29-powerpc   2.6.24-29.89
  linux-image-2.6.24-29-powerpc-smp  2.6.24-29.89
  linux-image-2.6.24-29-powerpc64-smp  2.6.24-29.89
  linux-image-2.6.24-29-rt        2.6.24-29.89
  linux-image-2.6.24-29-server    2.6.24-29.89
  linux-image-2.6.24-29-sparc64   2.6.24-29.89
  linux-image-2.6.24-29-sparc64-smp  2.6.24-29.89
  linux-image-2.6.24-29-virtual   2.6.24-29.89
  linux-image-2.6.24-29-xen       2.6.24-29.89

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  CVE-2010-4342, CVE-2010-4527, CVE-2010-4529, CVE-2011-0521,
  CVE-2011-0711

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.24-29.89

Ubuntu 8.04 LTS: USN-1133-1 Critical Kernel Flaw Denial Of Service

ubuntu
Calendar Grey May 24, 2011
Dist Ubuntu Esm H88
Multiple Linux kernel flaws in Ubuntu 8.04 LTS require immediate user updates for security.
Multiple flaws in the Linux kernel.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical advisory kernel flaw ubuntu crash issue local attacker

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 8.04 LTS: linux-image-2.6.24-29-386 2.6.24-29.89 linux-image-2.6.24-29-generic 2.6.24-29.89 linux-image-2.6.24-29-hppa32 2.6.24-29.89 linux-image-2.6.24-29-hppa64 2.6.24-29.89 linux-image-2.6.24-29-itanium 2.6.24-29.89 linux-image-2.6.24-29-lpia 2.6.24-29.89 linux-image-2.6.24-29-lpiacompat 2.6.24-29.89 linux-image-2.6.24-29-mckinley 2.6.24-29.89 linux-image-2.6.24-29-openvz 2.6.24-29.89 linux-image-2.6.24-29-powerpc 2.6.24-29.89 linux-image-2.6.24-29-powerpc-smp 2.6.24-29.89 linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.89 linux-image-2.6.24-29-rt 2.6.24-29.89 linux-image-2.6.24-29-server 2.6.24-29.89 linux-image-2.6.24-29-sparc64 2.6.24-29.89 linux-image-2.6.24-29-sparc64-smp 2.6.24-29.89 linux-image-2.6.24-29-virtual 2.6.24-29.89 linux-image-2.6.24-29-xen 2.6.24-29.89 After a standard system update you need to reboot your computer to make all the necessary changes.

References

CVE-2010-4342, CVE-2010-4527, CVE-2010-4529, CVE-2011-0521,

CVE-2011-0711

Severity
critical
Lowest
Low
Medium
High
Critical

May 24, 2011

Topics%20covered

Topics Covered

security advisory denial of service critical advisory kernel flaw ubuntu crash issue local attacker

Package Information

https://launchpad.net/ubuntu/+source/linux/2.6.24-29.89

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here