CERT RENATER Advisories

Date : Mon, 20 Sep 2010 16:19:24 +0200
Type : VULN
Subject : CERT-Renater : 2010/VULN365 (Ubuntu: Linux kernel vulnerabilities)
====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN365
_____________________________________________________________________

DATE                      : 20/09/2010

HARDWARE PLATFORM(S)      : 64 bit architectures.

OPERATING SYSTEM(S)       : Ubuntu, Kubuntu, Edubuntu, Xubuntu running linux kernel version 2.6.x.

======================================================================
http://www.ubuntu.com/usn/usn-988-1
______________________________________________________________________
	
===========================================================
Ubuntu Security Notice USN-988-1         September 17, 2010
linux, linux-source-2.6.15 vulnerabilities
CVE-2010-3081, CVE-2010-3301
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  linux-image-2.6.15-55-386       2.6.15-55.88
  linux-image-2.6.15-55-686       2.6.15-55.88
  linux-image-2.6.15-55-amd64-generic  2.6.15-55.88
  linux-image-2.6.15-55-amd64-k8  2.6.15-55.88
  linux-image-2.6.15-55-amd64-server  2.6.15-55.88
  linux-image-2.6.15-55-amd64-xeon  2.6.15-55.88
  linux-image-2.6.15-55-hppa32    2.6.15-55.88
  linux-image-2.6.15-55-hppa32-smp  2.6.15-55.88
  linux-image-2.6.15-55-hppa64    2.6.15-55.88
  linux-image-2.6.15-55-hppa64-smp  2.6.15-55.88
  linux-image-2.6.15-55-itanium   2.6.15-55.88
  linux-image-2.6.15-55-itanium-smp  2.6.15-55.88
  linux-image-2.6.15-55-k7        2.6.15-55.88
  linux-image-2.6.15-55-mckinley  2.6.15-55.88
  linux-image-2.6.15-55-mckinley-smp  2.6.15-55.88
  linux-image-2.6.15-55-powerpc   2.6.15-55.88
  linux-image-2.6.15-55-powerpc-smp  2.6.15-55.88
  linux-image-2.6.15-55-powerpc64-smp  2.6.15-55.88
  linux-image-2.6.15-55-server    2.6.15-55.88
  linux-image-2.6.15-55-server-bigiron  2.6.15-55.88
  linux-image-2.6.15-55-sparc64   2.6.15-55.88
  linux-image-2.6.15-55-sparc64-smp  2.6.15-55.88

Ubuntu 8.04 LTS:
  linux-image-2.6.24-28-386       2.6.24-28.79
  linux-image-2.6.24-28-generic   2.6.24-28.79
  linux-image-2.6.24-28-hppa32    2.6.24-28.79
  linux-image-2.6.24-28-hppa64    2.6.24-28.79
  linux-image-2.6.24-28-itanium   2.6.24-28.79
  linux-image-2.6.24-28-lpia      2.6.24-28.79
  linux-image-2.6.24-28-lpiacompat  2.6.24-28.79
  linux-image-2.6.24-28-mckinley  2.6.24-28.79
  linux-image-2.6.24-28-openvz    2.6.24-28.79
  linux-image-2.6.24-28-powerpc   2.6.24-28.79
  linux-image-2.6.24-28-powerpc-smp  2.6.24-28.79
  linux-image-2.6.24-28-powerpc64-smp  2.6.24-28.79
  linux-image-2.6.24-28-rt        2.6.24-28.79
  linux-image-2.6.24-28-server    2.6.24-28.79
  linux-image-2.6.24-28-sparc64   2.6.24-28.79
  linux-image-2.6.24-28-sparc64-smp  2.6.24-28.79
  linux-image-2.6.24-28-virtual   2.6.24-28.79
  linux-image-2.6.24-28-xen       2.6.24-28.79

Ubuntu 9.04:
  linux-image-2.6.28-19-generic   2.6.28-19.65
  linux-image-2.6.28-19-imx51     2.6.28-19.65
  linux-image-2.6.28-19-iop32x    2.6.28-19.65
  linux-image-2.6.28-19-ixp4xx    2.6.28-19.65
  linux-image-2.6.28-19-lpia      2.6.28-19.65
  linux-image-2.6.28-19-server    2.6.28-19.65
  linux-image-2.6.28-19-versatile  2.6.28-19.65
  linux-image-2.6.28-19-virtual   2.6.28-19.65

Ubuntu 9.10:
  linux-image-2.6.31-22-386       2.6.31-22.65
  linux-image-2.6.31-22-generic   2.6.31-22.65
  linux-image-2.6.31-22-generic-pae  2.6.31-22.65
  linux-image-2.6.31-22-ia64      2.6.31-22.65
  linux-image-2.6.31-22-lpia      2.6.31-22.65
  linux-image-2.6.31-22-powerpc   2.6.31-22.65
  linux-image-2.6.31-22-powerpc-smp  2.6.31-22.65
  linux-image-2.6.31-22-powerpc64-smp  2.6.31-22.65
  linux-image-2.6.31-22-server    2.6.31-22.65
  linux-image-2.6.31-22-sparc64   2.6.31-22.65
  linux-image-2.6.31-22-sparc64-smp  2.6.31-22.65
  linux-image-2.6.31-22-virtual   2.6.31-22.65

Ubuntu 10.04 LTS:
  linux-image-2.6.32-24-386       2.6.32-24.43
  linux-image-2.6.32-24-386-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-generic   2.6.32-24.43
  linux-image-2.6.32-24-generic-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-generic-pae  2.6.32-24.43
  linux-image-2.6.32-24-generic-pae-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-ia64      2.6.32-24.43
  linux-image-2.6.32-24-ia64-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-lpia      2.6.32-24.43
  linux-image-2.6.32-24-lpia-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-powerpc   2.6.32-24.43
  linux-image-2.6.32-24-powerpc-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-powerpc-smp  2.6.32-24.43
  linux-image-2.6.32-24-powerpc-smp-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-powerpc64-smp  2.6.32-24.43
  linux-image-2.6.32-24-powerpc64-smp-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-preempt   2.6.32-24.43
  linux-image-2.6.32-24-preempt-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-server    2.6.32-24.43
  linux-image-2.6.32-24-server-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-sparc64   2.6.32-24.43
  linux-image-2.6.32-24-sparc64-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-sparc64-smp  2.6.32-24.43
  linux-image-2.6.32-24-sparc64-smp-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-versatile  2.6.32-24.43
  linux-image-2.6.32-24-versatile-dbgsym  2.6.32-24.43
  linux-image-2.6.32-24-virtual   2.6.32-24.43

After a standard system update you need to reboot your computer to make
all the necessary changes.
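
A post-reboot check of the running kernel against the fixed versions listed above, as an added example that is not part of the Ubuntu notice or the CERT-Renater note. The function names are hypothetical, the version comparison is a simplified stand-in for dpkg ordering, and the script does not check whether the host is 64-bit.

```sh
#!/bin/sh
# Added example, not part of USN-988-1. Fixed versions are copied from the
# package table in the advisory; everything else is illustrative.

# fixed_version RELEASE: print the fixed linux-image version for a release.
fixed_version() {
    case "$1" in
        6.06)  echo 2.6.15-55.88 ;;
        8.04)  echo 2.6.24-28.79 ;;
        9.04)  echo 2.6.28-19.65 ;;
        9.10)  echo 2.6.31-22.65 ;;
        10.04) echo 2.6.32-24.43 ;;
        *)     return 1 ;;
    esac
}

# version_ge A B: exit 0 if A >= B, 1 if A < B, 2 if either is malformed.
# Compares the five numeric fields of "x.y.z-abi.upload" left to right,
# a simplification of dpkg ordering that is enough for these kernel versions.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.-]"); nb = split(b, y, "[.-]")
        if (na < 5 || nb < 5) exit 2
        for (i = 1; i <= 5; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kernel_status RELEASE VERSION: print patched, vulnerable or unknown.
kernel_status() {
    fixed=$(fixed_version "$1") || { echo unknown; return 0; }
    if version_ge "$2" "$fixed"; then
        echo patched
    else
        [ "$?" -eq 1 ] && echo vulnerable || echo unknown
    fi
}

# On a live host, after the reboot, feed it the running kernel's package:
#   kernel_status "$(lsb_release -rs)" \
#       "$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)")"
if [ "$#" -eq 2 ]; then
    kernel_status "$1" "$2"
fi
```

Querying the package that matches `uname -r` matters because an upgraded host that has not been rebooted still runs the old kernel image.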

Details follow:

Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a local attacker could perform malicious
multicast getsockopt calls to gain root privileges. (CVE-2010-3081)

Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a
64bit system, a local attacker could manipulate 32bit system calls to
gain root privileges. (CVE-2010-3301)

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================