Update today

Jul 29, 2009 07:53 GMT

Canonical announced on July 28th the availability of a new Linux kernel security update for the following Ubuntu distributions: 6.06 LTS, 8.04 LTS, 8.10 and 9.04 (also applies to Kubuntu, Edubuntu and Xubuntu). The update patches 4 important security issues (see below for details) discovered in the Linux kernel packages by various hackers. Therefore, it is strongly recommended to update your system as soon as possible!

The following Linux kernel vulnerabilities were discovered:

1. The RTL8169 network driver failed to validate buffer sizes. Because of this, a remote attacker on the LAN (Local Area Network) could crash the affected system or gain elevated privileges. The issue was discovered by Michael Tokarev and affects all the aforementioned Ubuntu systems.

2. The kernel failed to clear various personality flags when setuid processes were executed. Because of this, other vulnerabilities could become exploitable if a local attacker mapped the NULL memory page. The issue was discovered by Julien Tinnes and Tavis Ormandy and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.

3. KVM failed to validate the page table root. This could lead to a DoS attack and crash the affected system. The issue was discovered by Matt T. Yourst and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.

4. eCryptfs failed to validate various buffer sizes. Because of this, a local attacker could crash the affected system or gain elevated privileges. The issue was discovered by Ramon de Carvalho Valle and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.

The above Linux kernel vulnerabilities can be fixed if you update your system today to the following specific packages:

• For Ubuntu 6.06 LTS, users should update their kernel packages to linux-image-2.6.15-54.78

• For Ubuntu 8.04 LTS, users should update their kernel packages to linux-image-2.6.24-24.57

• For Ubuntu 8.10, users should update their kernel packages to linux-image-2.6.27-14.37

• For Ubuntu 9.04, users should update their kernel packages to linux-image-2.6.28-14.47

Don't forget to reboot your computer after this update! You can verify the kernel version by typing the sudo dpkg -l linux-image-2.6.28-14-generic command in a terminal (the example is for Ubuntu 9.04 users ONLY).
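The update, reboot and verify steps above as a scriptable check. This is an added example, not part of the original article or of Canonical's advisory. The function names and sample inputs are constructed, and it assumes the running kernel string has the form 2.6.28-14-generic, where the number after the hyphen is the kernel ABI.

```shell
#!/bin/sh
# Added example: is this host on the fixed kernel listed above, and rebooted into it?

# Fixed linux-image package version per Ubuntu release (values from the article).
fixed_version() {
    case "$1" in
        6.06) echo 2.6.15-54.78 ;;
        8.04) echo 2.6.24-24.57 ;;
        8.10) echo 2.6.27-14.37 ;;
        9.04) echo 2.6.28-14.47 ;;
        *)    return 1 ;;
    esac
}

# version_ge A B: true when A >= B, comparing numeric fields split on "." and "-".
version_ge() {
    case "$1$2" in *[!0-9.-]*) return 2 ;; esac   # refuse non-numeric input
    rest=$(echo "$2" | tr '.-' '  ')
    set -- $(echo "$1" | tr '.-' '  ')
    for want in $rest; do
        have=${1:-0}                              # missing field counts as 0
        [ $# -gt 0 ] && shift
        [ "$have" -gt "$want" ] && return 0
        [ "$have" -lt "$want" ] && return 1
    done
    return 0
}

# kernel_status RELEASE INSTALLED_PKG_VERSION RUNNING_KERNEL
# On a real 9.04 host (assumed invocation):
#   kernel_status 9.04 "$(dpkg-query -W -f='${Version}' linux-image-2.6.28-14-generic)" "$(uname -r)"
kernel_status() {
    fixed=$(fixed_version "$1") || { echo unknown-release; return 0; }
    version_ge "$2" "$fixed" || { echo update-needed; return 0; }
    # The ABI is the version without the upload number (2.6.28-14.47 -> 2.6.28-14);
    # uname -r reports it with a flavour suffix (2.6.28-14-generic).
    version_ge "${3%-*}" "${fixed%.*}" || { echo reboot-needed; return 0; }
    echo patched
}

# Constructed sample inputs for a 9.04 host, not taken from a real machine.
kernel_status 9.04 2.6.28-13.45 2.6.28-13-generic   # old package still installed
kernel_status 9.04 2.6.28-14.47 2.6.28-13-generic   # updated, old kernel still running
kernel_status 9.04 2.6.28-14.47 2.6.28-14-generic   # updated and rebooted
```

A host that reports reboot-needed has the fixed package on disk but is still running the vulnerable kernel image.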

ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a piece of software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.
