Ubuntu Linux Critical Kernel Vulnerabilities Fix Available
Canonical Ltd has issued updates for its kernel package to plug multiple security holes. The issues affect the following Ubuntu releases:
=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10
=> Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
Description
The IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282)
The 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712)
The ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598)
A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365)
The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729)
The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code. (CVE-2008-2750)
Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2826)
How do I update the kernel package?
Open a terminal and type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade
After a standard system upgrade you need to reboot your computer to effect the necessary changes:
$ sudo reboot
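To confirm that the updated kernel is the one actually running once the machine is back up, the following added example (not part of the original article) compares the running release with the newest `vmlinuz-<release>` image in /boot. The function names are hypothetical, and it assumes Ubuntu's /boot layout and GNU `sort -V`.

```shell
#!/bin/sh
# Added example: is this host running the newest kernel image installed in /boot?
# Assumptions: images are named vmlinuz-<release> (Ubuntu layout); GNU sort -V exists.

# Print the highest <release> among vmlinuz-<release> files in directory $1.
newest_installed_kernel() {
    for image in "$1"/vmlinuz-*; do
        [ -e "$image" ] || continue      # glob matched nothing
        basename "$image" | sed 's/^vmlinuz-//'
    done | sort -V | tail -n 1
}

# $1 = running release, $2 = boot directory.
# Returns 0 if a newer image is installed (reboot pending), 1 if the running
# kernel is the newest, 2 if no kernel images were found.
reboot_pending() {
    newest=$(newest_installed_kernel "$2")
    if [ -z "$newest" ]; then return 2; fi
    if [ "$1" = "$newest" ]; then return 1; fi
    # Releases differ: pending only when the installed one sorts higher.
    highest=$(printf '%s\n%s\n' "$1" "$newest" | sort -V | tail -n 1)
    if [ "$highest" = "$newest" ]; then return 0; fi
    return 1
}

# Print a one-line report for running release $1 and boot directory $2.
check_host() {
    rc=0
    reboot_pending "$1" "$2" || rc=$?
    case $rc in
        0) echo "running $1, newest installed $(newest_installed_kernel "$2"): reboot pending" ;;
        1) echo "running $1: newest installed kernel is active" ;;
        *) echo "no vmlinuz-* images found in $2" ;;
    esac
}

check_host "$(uname -r)" /boot
```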
Discussion on This Article:



i want a linux downloads this page