CERT RENATER
Nous contacter
- Mail : cert@support.renater.fr
- Web : Pages du CERT
- Tél : 01.53.94.20.44
- Fax : 01.53.94.20.31
==================================================================== CERT-Renater Note d'Information No. 2010/VULN365 _____________________________________________________________________ DATE : 20/09/2010 HARDWARE PLATFORM(S) : 64 bit architectures. OPERATING SYSTEM(S) : Ubuntu, Kubuntu, Edubuntu, Xubuntu running linux kernel version 2.6.x. ====================================================================== http://www.ubuntu.com/usn/usn-988-1 ______________________________________________________________________ =========================================================== Ubuntu Security Notice USN-988-1 September 17, 2010 linux, linux-source-2.6.15 vulnerabilities CVE-2010-3081, CVE-2010-3301 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-55-386 2.6.15-55.88 linux-image-2.6.15-55-686 2.6.15-55.88 linux-image-2.6.15-55-amd64-generic 2.6.15-55.88 linux-image-2.6.15-55-amd64-k8 2.6.15-55.88 linux-image-2.6.15-55-amd64-server 2.6.15-55.88 linux-image-2.6.15-55-amd64-xeon 2.6.15-55.88 linux-image-2.6.15-55-hppa32 2.6.15-55.88 linux-image-2.6.15-55-hppa32-smp 2.6.15-55.88 linux-image-2.6.15-55-hppa64 2.6.15-55.88 linux-image-2.6.15-55-hppa64-smp 2.6.15-55.88 linux-image-2.6.15-55-itanium 2.6.15-55.88 linux-image-2.6.15-55-itanium-smp 2.6.15-55.88 linux-image-2.6.15-55-k7 2.6.15-55.88 linux-image-2.6.15-55-mckinley 2.6.15-55.88 linux-image-2.6.15-55-mckinley-smp 2.6.15-55.88 linux-image-2.6.15-55-powerpc 2.6.15-55.88 linux-image-2.6.15-55-powerpc-smp 2.6.15-55.88 linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.88 linux-image-2.6.15-55-server 2.6.15-55.88 linux-image-2.6.15-55-server-bigiron 2.6.15-55.88 linux-image-2.6.15-55-sparc64 2.6.15-55.88 linux-image-2.6.15-55-sparc64-smp 2.6.15-55.88 Ubuntu 8.04 LTS: linux-image-2.6.24-28-386 2.6.24-28.79 linux-image-2.6.24-28-generic 2.6.24-28.79 linux-image-2.6.24-28-hppa32 2.6.24-28.79 linux-image-2.6.24-28-hppa64 2.6.24-28.79 linux-image-2.6.24-28-itanium 2.6.24-28.79 linux-image-2.6.24-28-lpia 2.6.24-28.79 linux-image-2.6.24-28-lpiacompat 2.6.24-28.79 linux-image-2.6.24-28-mckinley 2.6.24-28.79 linux-image-2.6.24-28-openvz 2.6.24-28.79 linux-image-2.6.24-28-powerpc 2.6.24-28.79 linux-image-2.6.24-28-powerpc-smp 2.6.24-28.79 linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.79 linux-image-2.6.24-28-rt 2.6.24-28.79 linux-image-2.6.24-28-server 2.6.24-28.79 linux-image-2.6.24-28-sparc64 2.6.24-28.79 linux-image-2.6.24-28-sparc64-smp 2.6.24-28.79 linux-image-2.6.24-28-virtual 2.6.24-28.79 linux-image-2.6.24-28-xen 2.6.24-28.79 Ubuntu 9.04: linux-image-2.6.28-19-generic 2.6.28-19.65 linux-image-2.6.28-19-imx51 2.6.28-19.65 linux-image-2.6.28-19-iop32x 2.6.28-19.65 linux-image-2.6.28-19-ixp4xx 2.6.28-19.65 linux-image-2.6.28-19-lpia 2.6.28-19.65 linux-image-2.6.28-19-server 2.6.28-19.65 linux-image-2.6.28-19-versatile 2.6.28-19.65 linux-image-2.6.28-19-virtual 2.6.28-19.65 Ubuntu 9.10: linux-image-2.6.31-22-386 2.6.31-22.65 linux-image-2.6.31-22-generic 2.6.31-22.65 linux-image-2.6.31-22-generic-pae 2.6.31-22.65 linux-image-2.6.31-22-ia64 2.6.31-22.65 linux-image-2.6.31-22-lpia 2.6.31-22.65 linux-image-2.6.31-22-powerpc 2.6.31-22.65 linux-image-2.6.31-22-powerpc-smp 2.6.31-22.65 linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.65 linux-image-2.6.31-22-server 2.6.31-22.65 linux-image-2.6.31-22-sparc64 2.6.31-22.65 linux-image-2.6.31-22-sparc64-smp 2.6.31-22.65 linux-image-2.6.31-22-virtual 2.6.31-22.65 Ubuntu 10.04 LTS: linux-image-2.6.32-24-386 2.6.32-24.43 linux-image-2.6.32-24-386-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-generic 2.6.32-24.43 linux-image-2.6.32-24-generic-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-generic-pae 2.6.32-24.43 linux-image-2.6.32-24-generic-pae-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-ia64 2.6.32-24.43 linux-image-2.6.32-24-ia64-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-lpia 2.6.32-24.43 linux-image-2.6.32-24-lpia-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-powerpc 2.6.32-24.43 linux-image-2.6.32-24-powerpc-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-powerpc-smp 2.6.32-24.43 linux-image-2.6.32-24-powerpc-smp-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-powerpc64-smp 2.6.32-24.43 linux-image-2.6.32-24-powerpc64-smp-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-preempt 2.6.32-24.43 linux-image-2.6.32-24-preempt-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-server 2.6.32-24.43 linux-image-2.6.32-24-server-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-sparc64 2.6.32-24.43 linux-image-2.6.32-24-sparc64-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-sparc64-smp 2.6.32-24.43 linux-image-2.6.32-24-sparc64-smp-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-versatile 2.6.32-24.43 linux-image-2.6.32-24-versatile-dbgsym 2.6.32-24.43 linux-image-2.6.32-24-virtual 2.6.32-24.43 After a standard system update you need to reboot your computer to make all the necessary changes. Details follow: Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64bit kernels when allocating memory on behalf of 32bit system calls. On a 64bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges. (CVE-2010-3081) Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. (CVE-2010-3301) ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================