CVE-2008-2729

Canonical Ltd has issued updates for its kernel package to plug multiple security holes. The security issues affect the following Ubuntu releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10
=> Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

Description

The IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282)

The 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712)

The ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598)

A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365)

The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729)

The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code. (CVE-2008-2750)

Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2826)

How do I update the kernel package?

Open terminal and type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

After a standard system upgrade you need to reboot your computer to effect the necessary changes:
$ sudo reboot

Security Update for Red Hat Linux Kernel

Red Hat has issued a security update for its kernel that fixes issues related to the following packages. This update has been rated as having important security impact on RHEL 4.x / 5.x, and you are advised to update your system as soon as possible.

=> Updated GFS-kernel, gnbd-kernel, dlm-kernel, cmirror-kernel, cman-kernel, Virtualization_Guide, Cluster_Administration, and Global_File_System packages that fix module loading and other issues under RHEL 4.x and 5.x are available now.

How do I update my system?

Simply type the following two commands:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package kernel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-devel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-headers.x86_64 0:2.6.18-92.1.6.el5 set to be updated
---> Package Deployment_Guide-en-US.noarch 0:5.2-11 set to be updated
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel.x86_64 0:2.6.18-53.1.21.el5 set to be erased
---> Package kernel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-devel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-headers.x86_64 0:2.6.18-92.1.6.el5 set to be updated
---> Package Deployment_Guide-en-US.noarch 0:5.2-11 set to be updated
---> Package kernel-devel.x86_64 0:2.6.18-53.1.21.el5 set to be erased
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 kernel                  x86_64     2.6.18-92.1.6.el5  rhel-x86_64-server-5   16 M
 kernel-devel            x86_64     2.6.18-92.1.6.el5  rhel-x86_64-server-5  5.0 M
Updating:
 Deployment_Guide-en-US  noarch     5.2-11           rhel-x86_64-server-5  3.5 M
 kernel-headers          x86_64     2.6.18-92.1.6.el5  rhel-x86_64-server-5  880 k
Removing:
 kernel                  x86_64     2.6.18-53.1.21.el5  installed          75 M
 kernel-devel            x86_64     2.6.18-53.1.21.el5  installed          15 M
Transaction Summary
=============================================================================
Install      2 Package(s)
Update       2 Package(s)
Remove       2 Package(s)
Total download size: 25 M
Is this ok [y/N]: y
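
A kernel update only takes effect after the reboot step, so a host can have the fixed package installed while still running the vulnerable kernel. The check below is an added example, not part of the original advisory: it compares the running kernel with the newest installed kernel package. The function names are hypothetical, and it assumes the newest installed kernel is the one the bootloader starts next.

```shell
#!/bin/sh
# Added example (not from the advisory): detect a host that has a newer kernel
# package installed than the kernel it is running, i.e. a pending reboot.
# Assumption: the newest installed kernel is the one the bootloader starts next.

# Print the highest version from a newline-separated list on stdin.
newest_version() {
    sort -V | tail -n 1
}

# reboot_needed CURRENT INSTALLED_LIST -> exit status 0 if a reboot is pending.
# CURRENT is included in the comparison so a host already running the newest
# (or a locally built, newer) kernel is not flagged.
reboot_needed() {
    cur=$1
    new=$(printf '%s\n%s\n' "$cur" "$2" | newest_version)
    [ "$cur" != "$new" ]
}

# List installed kernel versions in the same form `uname -r` reports them.
installed_kernels() {
    if command -v rpm >/dev/null 2>&1 && rpm -q kernel >/dev/null 2>&1; then
        rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n'
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Status}\n' 'linux-image-[0-9]*' 2>/dev/null |
            awk '$4 == "installed" { sub(/^linux-image-/, "", $1); print $1 }'
    fi
}

# Newer RPM kernels append the architecture to `uname -r`; strip it if present.
running=$(uname -r)
running=${running%."$(uname -m)"}

if reboot_needed "$running" "$(installed_kernels)"; then
    echo "REBOOT PENDING: running $running, newer kernel installed"
else
    echo "OK: running $running, no newer kernel package found"
fi
```

Run against the transaction shown above, a host still running 2.6.18-53.1.21.el5 after 2.6.18-92.1.6.el5 has been installed is reported as pending a reboot.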