Ubuntu发现影响所有版本内核安全漏洞 - 开源中国社区
Ubuntu发现影响所有版本内核安全漏洞
红薯 2008年11月30日

Ubuntu发现影响所有版本内核安全漏洞

红薯 红薯 发布于2008年11月30日 收藏 0 评论 0

【腾讯云】如何快速搭建微信小程序?>>>  

11月27日,Ubuntu开发者为6.06 LTS, 7.10, 8.04 LTS以及8.10这几个版本发布了重要安全更新,补丁修复了9个内核安全安全问题,因此强烈建议Ubuntu用户尽快升级自己的系统。

下面是内核安全漏洞列表:

1. The Xen hypervisor block driver couldn't accurately validate incoming requests. Therefore, a user with root privileges could crash a system and cause a DoS (Denial of Service) attack by executing malicious I/O requests. This issue affects only Ubuntu 7.10.
 
2. The i915 video driver couldn't accurately validate memory addresses. Therefore, an attacker could remap memory and cause a system crash, leading to a DoS (Denial of Service) attack. Ubuntu 6.06 LTS, 7.10 and 8.04 LTS users are not affected by this issue. Ubuntu 8.10 users should update their systems to correct this vulnerability!
 
3. When files were created in the setgid directories, the Linux kernel package couldn't accurately strip permissions. Because of this, a local user could gain extra group privileges. This issue was discovered by David Watson and it affects only Ubuntu 6.06 LTS users!
 
4. When file splice requests were handled, the Linux kernel package couldn't accurately reject the "append" flag. Therefore, a local attacker could create changes to random locations in a file by bypassing the append mode. This issue was discovered by Olaf Kirch and Miklos Szeredi, and affects only Ubuntu 7.10 and 8.04 LTS users!
 
5. The SCTP stack couldn't accurately handle INIT-ACK. Because of this, a remote user could send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. This issue affects only Ubuntu 8.10 users!
 
6. The SCTP stack couldn't accurately handle the length of bad packets. Because of this, a remote user could send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. This issue affects only Ubuntu 8.10 users!
 
7. The HFS+ filesystem had several flaws. Because of this, a user could be tricked to mount a malicious HFS+ filesystem, which could lead to a DoS (Denial of Service) attack and crash the system. This issue was discovered by Eric Sesterhenn, and affects all Ubuntu users!
 
8. The Unix Socket handler couldn't accurately process the SCM_RIGHTS message. Therefore, a local attacker could create a malicious socket request and crash the system, leading to a DoS (Denial of Service) attack. This issue affects all Ubuntu users!
 
9. The i2c audio driver couldn't accurately validate several function pointers. Therefore, a local users could obtain root privileges and crash the system, leading to a DoS (Denial of Service) attack. This issue affects all Ubuntu users!
 
Ubuntu 6.06 LTS 要将内核升级到linux-image-2.6.15-53.74
Ubuntu 7.10 要将内核升级到  linux-image-2.6.22-16.60
Ubuntu 8.04 LTS 要将内核升级到 LTS linux-image-2.6.24-22.45
Ubuntu 8.10 要将内核升级到 linux-image-2.6.27-9.19

以上内容来自 cnBeta.
本站文章除注明转载外,均为本站原创或编译。欢迎任何形式的转载,但请务必注明出处,尊重他人劳动共创开源社区。
转载请注明:文章转载自 开源中国社区 [http://www.oschina.net]
本文标题:Ubuntu发现影响所有版本内核安全漏洞
分享
评论(0)
最新评论
顶部