From martin.pitt@canonical.com Thu Dec 16 14:54:07 2004
From: Martin Pitt
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Date: Thu, 16 Dec 2004 18:08:30 +0100
Subject: [USN-39-1] Linux amd64 kernel vulnerability

===========================================================
Ubuntu Security Notice USN-39-1           December 16, 2004
linux-source-2.6.8.1 vulnerability
CAN-2004-1074, USN-30-1
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.4. You need to reboot the computer after
performing a standard system upgrade to effect the necessary changes.

Details follow:

USN-30-1 fixed several flaws in the Linux ELF binary loader's handling
of setuid binaries. Unfortunately it was found that these patches were
not sufficient to prevent all possible attacks on 64-bit platforms, so
previous amd64 kernel images were still vulnerable to root privilege
escalation if setuid binaries were run under certain conditions.

This issue does not affect the i386 and powerpc platforms.
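
The following is an added example, not part of the notice: a shell check that reads a package inventory and reports any of the four affected amd64 image packages still below the fixed version 2.6.8.1-16.4. The function names, the sample inventory and the `sort -V` fallback are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of USN-39-1. Package names and the fixed version
# come from the notice; function names and the sample data are constructed.
FIXED="2.6.8.1-16.4"
AFFECTED="linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon"

# ver_lt A B: succeed if version A is older than version B.
ver_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Fallback (assumption): `sort -V` approximates Debian version
        # ordering for simple version strings like the ones used here.
        [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# usn39_check: read "package version" lines on stdin, the format printed by
#   dpkg-query -W -f='${Package} ${Version}\n'
# and print one line per affected package that is still below FIXED.
# Returns 1 if any such package was found, 0 otherwise.
usn39_check() {
    rc=0
    while read -r pkg ver; do
        [ -n "$ver" ] || continue   # known to dpkg but not installed
        # Only the four amd64 images named in the notice are in scope.
        printf '%s\n' "$AFFECTED" | grep -qxF -- "$pkg" || continue
        if ver_lt "$ver" "$FIXED"; then
            echo "VULNERABLE $pkg $ver (need $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real host data): one affected amd64
# image below the fix, one i386 image (out of scope), one fixed amd64 image.
SAMPLE='linux-image-2.6.8.1-4-amd64-k8 2.6.8.1-16.3
linux-image-2.6.8.1-4-386 2.6.8.1-16.3
linux-image-2.6.8.1-4-amd64-xeon 2.6.8.1-16.4'
printf '%s\n' "$SAMPLE" | usn39_check || echo "upgrade and reboot required"
```

The check covers installed package versions only; as the notice states, the fix takes effect after the machine has been rebooted into the upgraded image.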