[USN-39-1] Linux amd64 kernel vulnerability
Date: Thu, 16 Dec 2004 18:08:30 +0100
From: Martin Pitt <martin.pitt@canonical.com.>
To: [email protected]
Subject: [USN-39-1] Linux amd64 kernel vulnerability
Cc: [email protected], [email protected]
--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Ubuntu Security Notice USN-39-1 December 16, 2004
linux-source-2.6.8.1 vulnerability
CAN-2004-1074, USN-30-1
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.4. You need to reboot the computer after
performing a standard system upgrade to effect the necessary changes.
Details follow:
USN-30-1 fixed several flaws in the Linux ELF binary loader's handling
of setuid binaries. Unfortunately it was found that these patches were
not sufficient to prevent all possible attacks on 64-bit platforms, so
previous amd64 kernel images were still vulnerable to root privilege
escalation if setuid binaries were run under certain conditions.
This issue does not affect the i386 and powerpc platforms.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.4.diff.gz
Size/MD5: 3121806 c4f5a87be93f43d1dff60b934c45e219
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.4.dsc
Size/MD5: 2119 ff2c4eb0ccc7b31c9555cfb158e80791
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.4_all.deb
Size/MD5: 6160106 eba84d08c642c1e77b81ff7f6ba59bce
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.4_all.deb
Size/MD5: 1471212 53e389d5570151d8180c8f8fc2efb9a5
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.4_all.deb
Size/MD5: 36718974 24f7a7dee3160e1acee15cda0af2c737
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.4_all.deb
Size/MD5: 306716 d76608ed14aa0e8a92b105b6398a4ea4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-generic_2.6.8.1-16.4_amd64.deb
Size/MD5: 247044 d57b5beebd227bb1fbb0e6f87ea4293a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.4_amd64.deb
Size/MD5: 242524 82a5bfab29ef59f419ed154e51c02b84
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-k8_2.6.8.1-16.4_amd64.deb
Size/MD5: 246154 3c1c764b4dcabb41736c905b45814e9f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-amd64-xeon_2.6.8.1-16.4_amd64.deb
Size/MD5: 240860 41b94009e290c2f8f45faef07735dc87
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.4_amd64.deb
Size/MD5: 3177582 5d58efcba744ad4af8e562cc3c75a118
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-generic_2.6.8.1-16.4_amd64.deb
Size/MD5: 14352734 9aec3005d1be37fccf792046adc08e19
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8-smp_2.6.8.1-16.4_amd64.deb
Size/MD5: 14827508 b0cc8adb3130d99a7afd58d12a495f6a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-k8_2.6.8.1-16.4_amd64.deb
Size/MD5: 14860988 5d96d1182b9733c5069f767928cda214
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-amd64-xeon_2.6.8.1-16.4_amd64.deb
Size/MD5: 14681920 25058037610cd49a79ab241338d2781f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-386_2.6.8.1-16.4_i386.deb
Size/MD5: 275738 77840bf1a5d63454ba34657930c2e709
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686-smp_2.6.8.1-16.4_i386.deb
Size/MD5: 270292 eba9db32ff1179b79ed1a8635639b711
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-686_2.6.8.1-16.4_i386.deb
Size/MD5: 273488 ef5ece125c45026ed288cb3975781811
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7-smp_2.6.8.1-16.4_i386.deb
Size/MD5: 270552 4cb34f75ec28a1f6b34a881ff8fb51b6
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-k7_2.6.8.1-16.4_i386.deb
Size/MD5: 273528 539b05ffce8bd8befe7eab1a20757c4f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.4_i386.deb
Size/MD5: 3218272 90d463f676567aaa17739c2221622706
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-386_2.6.8.1-16.4_i386.deb
Size/MD5: 15495778 102cc433e269a1468d19fe978259b027
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686-smp_2.6.8.1-16.4_i386.deb
Size/MD5: 16344374 318bef20efd53ff699c64060f7e29336
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-686_2.6.8.1-16.4_i386.deb
Size/MD5: 16508688 4433e3fb446418d2aa30b553b0824827
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7-smp_2.6.8.1-16.4_i386.deb
Size/MD5: 16446890 c8070012c44549c8427dca671ecd9ba7
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-k7_2.6.8.1-16.4_i386.deb
Size/MD5: 16572264 965edb3b14d0690849b12ce27431b250
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3-smp_2.6.8.1-16.4_powerpc.deb
Size/MD5: 211772 a958259d2ef2d6a587f197bf3e0c1870
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power3_2.6.8.1-16.4_powerpc.deb
Size/MD5: 212700 10dc9c5c348a107a175e8a9a6c417477
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4-smp_2.6.8.1-16.4_powerpc.deb
Size/MD5: 211510 87252d9ba57836915084996e775a7314
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-power4_2.6.8.1-16.4_powerpc.deb
Size/MD5: 212298 0893ca1cf6e701eaa2cbbb09d1739e98
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc-smp_2.6.8.1-16.4_powerpc.deb
Size/MD5: 212266 4a8cbbe40426b1bcfca297f97baaac4b
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4-powerpc_2.6.8.1-16.4_powerpc.deb
Size/MD5: 213806 e9dd3c5d2a26a202dc5b0661192ab67a
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-headers-2.6.8.1-4_2.6.8.1-16.4_powerpc.deb
Size/MD5: 3295602 cbcc850991da1116f787c78922c4761f
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3-smp_2.6.8.1-16.4_powerpc.deb
Size/MD5: 16365204 4da1ca6719a3a8567897ba1f1eda5c0e
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power3_2.6.8.1-16.4_powerpc.deb
Size/MD5: 15942836 3c0e20308d3cc2de1e8866cccbd084dc
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4-smp_2.6.8.1-16.4_powerpc.deb
Size/MD5: 16351878 830c8d196d84b56829222d7876c20465
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-power4_2.6.8.1-16.4_powerpc.deb
Size/MD5: 15922030 5dc6a15db1f37606a5d09bd598299c4c
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc-smp_2.6.8.1-16.4_powerpc.deb
Size/MD5: 16288232 76d9b94da2c671f2d57a116ebba9e288
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-image-2.6.8.1-4-powerpc_2.6.8.1-16.4_powerpc.deb
Size/MD5: 15977286 8de79bc4d289ea066777a94747a0291e
--DocE+STaALJfprDB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBwcEODecnbV4Fd/IRAme8AJ9dS3+8I0Cp+KR6OGu/jI9BKnZJlACfUfvX
hjqbocF1tt6ZwZ2XI+tQHvM=
=aLjf
-----END PGP SIGNATURE-----
--DocE+STaALJfprDB--