Friday, 30 January 2009

download - Linux Kernel Vulnerabilities in Ubuntu 8.10. Update Today.

Fixes six kernel vulnerabilities

On January 29th the Ubuntu developers announced the availability of an important new security update for the Ubuntu 8.10 (Intrepid Ibex) operating system (it also applies to Kubuntu, Edubuntu and Xubuntu). The update patches six security issues (see below for details) discovered in the Linux kernel packages of Ubuntu 8.10 that could let a local attacker execute malicious code, causing system crashes or hangs and leading to DoS (Denial of Service) attacks. It is therefore strongly recommended to update your system as soon as possible!

The following Linux kernel vulnerabilities have been fixed:

1. The ATM subsystem failed to manage socket counts. Because of this, a local attacker could hang the vulnerable system, leading to a DoS (Denial of Service) attack. This issue was discovered by Hugo Dias.

2. The inotify subsystem included watch removal race conditions. Because of this, a local attacker could hang the vulnerable system, leading to a DoS (Denial of Service) attack.

3. sendmsg failed to release the allocated memory, in some cases. Because of this, a local attacker could force a vulnerable system to run out of free memory, leading to a DoS (Denial of Service) attack. This issue was discovered by Dann Frazier.

4. PA-RISC stack unwinding was incorrectly handled. Because of this, a local attacker could crash the vulnerable system, leading to a DoS (Denial of Service) attack. This issue was discovered by Helge Deller.

5. The ATA subsystem failed to set timeouts. Because of this, a local attacker could hang the vulnerable system, leading to a DoS (Denial of Service) attack.

6. The ib700 watchdog timer was incorrectly checking the buffer sizes. Because of this, a local attacker could crash the vulnerable system by sending a specially crafted ioctl to the device, leading to a DoS (Denial of Service) attack.

These Linux kernel vulnerabilities can be fixed if you update your system to the following specific packages:

linux-image-2.6.27-11-generic 2.6.27-11.27
linux-image-2.6.27-11-server 2.6.27-11.27
linux-image-2.6.27-11-virtual 2.6.27-11.27

Don't forget to reboot your computer after this update! You can verify the installed kernel package version by running the command sudo dpkg -l linux-image-2.6.27-11-generic in a terminal.
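
The script below is an added example, not part of the original article or of Ubuntu's tooling. It checks both halves of the advice above: that the fixed build 2.6.27-11.27 is installed, and that the machine has actually been rebooted into it, since uname -r reports only 2.6.27-11-generic and cannot distinguish builds of the same ABI. It assumes /proc/version_signature exists and reads like "Ubuntu 2.6.27-11.27-generic"; the function names and status words are invented for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): decide whether a host has the
# fixed kernel build installed AND is actually running it.
FIXED_VERSION="2.6.27-11.27"   # fixed package version listed in the article

# version_ge A B: succeeds when A >= B. Uses dpkg's comparison when present;
# the GNU "sort -V" fallback is an approximation that suffices for these strings.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# kernel_status INSTALLED_VERSION VERSION_SIGNATURE
# Prints update-needed, reboot-needed, patched or unknown.
kernel_status() {
    installed=$1
    # Assumed signature format: "Ubuntu 2.6.27-11.27-generic"
    running=$(printf '%s\n' "$2" | awk '{print $2}')
    running=${running%-*}              # drop the flavour suffix
    if [ -z "$installed" ] || ! version_ge "$installed" "$FIXED_VERSION"; then
        echo update-needed
    elif [ -z "$running" ]; then
        echo unknown
    elif version_ge "$running" "$FIXED_VERSION"; then
        echo patched
    else
        echo reboot-needed             # fixed package on disk, old kernel in memory
    fi
}

# check_host [FLAVOUR]: query the live system (generic, server or virtual).
check_host() {
    pkg="linux-image-2.6.27-11-${1:-generic}"
    installed=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null || true)
    signature=$(cat /proc/version_signature 2>/dev/null || true)
    echo "$pkg: $(kernel_status "$installed" "$signature")"
}

# Run against this machine only when asked: sh check.sh --host [flavour]
if [ "${1:-}" = "--host" ]; then
    check_host "${2:-generic}"
fi
```

A result of reboot-needed means the fixed package is on disk but the kernel in memory still predates it, which is the case the reboot reminder above is about.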

About Ubuntu:

Ubuntu (an African word meaning “Humanity to others”) is the ultimate operating system, developed by an entire open source community. Ubuntu is perfect for laptops, desktops and servers, and it includes all the software you need, from web browser, e-mail client and word processing, to games, programming tools and web server software. Ubuntu OS can be used at home, in a business environment, in public schools, hospitals, etc. The best part of all this is that Ubuntu is, and will always be, free of charge.

Get the latest version of Ubuntu right now from Softpedia. Don't forget to share it with your friends and family.
