
Ubuntu 8.04 LTS USN-1236-1 Moderate: Linux Kernel Flaws and Threats

Multiple kernel flaws have been fixed.
=========================================================================
Ubuntu Security Notice USN-1236-1
October 20, 2011

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Multiple kernel flaws have been fixed.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the Auerswald USB driver incorrectly handled lengths
of the USB string descriptors. A local attacker with physical access could
insert a specially crafted USB device and gain root privileges.
(CVE-2009-4067)

It was discovered that the Stream Control Transmission Protocol (SCTP)
implementation incorrectly calculated lengths. If the net.sctp.addip_enable
variable was turned on, a remote attacker could send specially crafted
traffic to crash the system. (CVE-2011-1573)

Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could use this flaw to possibly predict
sequence numbers and inject packets. (CVE-2011-3188)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
  linux-image-2.6.24-29-386       2.6.24-29.95
  linux-image-2.6.24-29-generic   2.6.24-29.95
  linux-image-2.6.24-29-hppa32    2.6.24-29.95
  linux-image-2.6.24-29-hppa64    2.6.24-29.95
  linux-image-2.6.24-29-itanium   2.6.24-29.95
  linux-image-2.6.24-29-lpia      2.6.24-29.95
  linux-image-2.6.24-29-lpiacompat  2.6.24-29.95
  linux-image-2.6.24-29-mckinley  2.6.24-29.95
  linux-image-2.6.24-29-openvz    2.6.24-29.95
  linux-image-2.6.24-29-powerpc   2.6.24-29.95
  linux-image-2.6.24-29-powerpc-smp  2.6.24-29.95
  linux-image-2.6.24-29-powerpc64-smp  2.6.24-29.95
  linux-image-2.6.24-29-rt        2.6.24-29.95
  linux-image-2.6.24-29-server    2.6.24-29.95
  linux-image-2.6.24-29-sparc64   2.6.24-29.95
  linux-image-2.6.24-29-sparc64-smp  2.6.24-29.95
  linux-image-2.6.24-29-virtual   2.6.24-29.95
  linux-image-2.6.24-29-xen       2.6.24-29.95

After a standard system update you need to reboot your computer to make
all the necessary changes.
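
Installing the fixed package and booting into it are separate steps, and a host
is only protected once the running kernel is at the fixed version. The following
Python check is an added example, not part of the Ubuntu notice. It assumes the
dpkg-query invocation shown in the comment, a /proc/version_signature of the form
"Ubuntu <version>-<flavour>", and constructed sample versions below 2.6.24-29.95.

```python
import re

FIXED = "2.6.24-29.95"  # fixed version listed in the notice

def vkey(version):
    # Simplification: numeric fields only. Valid for these all-numeric
    # kernel versions, not a general Debian version comparison.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def installed_images(dpkg_output):
    # Input: output of
    #   dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-2.6.24-*'
    images = {}
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) == 2:  # known-but-not-installed entries have no version
            images[parts[0]] = parts[1]
    return images

def running_version(signature):
    # Assumed /proc/version_signature format: "Ubuntu <version>-<flavour>"
    m = re.match(r"Ubuntu (\d+\.\d+\.\d+-\d+\.\d+)-", signature)
    return m.group(1) if m else None

def audit(dpkg_output, signature):
    running = running_version(signature)
    if running is None:
        return "unknown"
    if vkey(running) >= vkey(FIXED):
        return "patched"
    # A fixed image on disk does not help until it is the one booted.
    if any(vkey(v) >= vkey(FIXED) for v in installed_images(dpkg_output).values()):
        return "reboot-required"
    return "update-required"

# Constructed sample inventory; the 2.6.24-28.86 version is made up.
SAMPLE_DPKG = """\
linux-image-2.6.24-28-generic 2.6.24-28.86
linux-image-2.6.24-29-generic 2.6.24-29.95
"""

if __name__ == "__main__":
    # Constructed signatures; only 2.6.24-29.95 comes from the notice.
    for sig in ("Ubuntu 2.6.24-28.86-generic",   # old ABI still booted
                "Ubuntu 2.6.24-29.93-generic",   # same ABI, older upload in memory
                "Ubuntu 2.6.24-29.95-generic"):  # fixed kernel booted
        print(sig, "->", audit(SAMPLE_DPKG, sig))
```

Comparing against the version signature rather than `uname -r` catches the case
where the package was upgraded in place within the same ABI number but the old
build is still the one in memory.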

References:
  https://ubuntu.com/security/notices/USN-1236-1
  CVE-2009-4067, CVE-2011-1573, CVE-2011-2494, CVE-2011-2495,
  CVE-2011-3188

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.24-29.95


Severity
important