Fixes six kernel vulnerabilities.

Jan 30, 2009 08:53 GMT

On January 29th, the Ubuntu developers announced the availability of an important new security update for the Ubuntu 8.10 (Intrepid Ibex) operating system (it also applies to Kubuntu, Edubuntu and Xubuntu). The update patches six security issues (see below for details) discovered in the Linux kernel packages of Ubuntu 8.10 that could "help" a local attacker execute malicious code, causing system crashes or hangs and leading to DoS (Denial of Service) attacks. Therefore, it is strongly recommended to update your system as soon as possible!

The following Linux kernel vulnerabilities have been fixed:

1. The ATM subsystem failed to manage socket counts. Because of this, a local attacker could hang the vulnerable system, leading to a DoS (Denial of Service) attack. This issue was discovered by Hugo Dias.

2. The inotify subsystem included watch removal race conditions. Because of this, a local attacker could hang the vulnerable system, leading to a DoS (Denial of Service) attack.

3. In some cases, sendmsg failed to release allocated memory. Because of this, a local attacker could force a vulnerable system to run out of free memory, leading to a DoS (Denial of Service) attack. This issue was discovered by Dann Frazier.

4. PA-RISC stack unwinding was incorrectly handled. Because of this, a local attacker could crash the vulnerable system, leading to a DoS (Denial of Service) attack. This issue was discovered by Helge Deller.

5. The ATA subsystem failed to set timeouts. Because of this, a local attacker could hang the vulnerable system, leading to a DoS (Denial of Service) attack.

6. The ib700 watchdog timer was incorrectly checking the buffer sizes. Because of this, a local attacker could crash the vulnerable system by sending a specially crafted ioctl to the device, leading to a DoS (Denial of Service) attack.

These Linux kernel vulnerabilities can be fixed if you update your system to the following specific packages:

linux-image-2.6.27-11-generic 2.6.27-11.27

linux-image-2.6.27-11-server 2.6.27-11.27

linux-image-2.6.27-11-virtual 2.6.27-11.27

Don't forget to reboot your computer after this update! You can verify the kernel version by typing the sudo dpkg -l linux-image-2.6.27-11-generic command in a terminal.

ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, software such as VirtualBox will NOT work anymore; you must therefore recompile its kernel module by issuing a specific command (sudo /etc/init.d/vboxdrv setup) in the terminal.
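The package check and the reboot requirement described above can be combined into one script. This is an added example, not part of the original article or of Ubuntu's tooling: it classifies a host from the installed package version and the uname -r output, and the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.
FIXED_VERSION="2.6.27-11.27"   # fixed package version named in the article

# version_ge A B: succeed when A >= B. Prefers dpkg's own comparison; the awk
# fallback compares numeric fields only, which is enough for these versions.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        printf '%s %s\n' "$1" "$2" | awk '{
            n = split($1, a, /[.-]/); m = split($2, b, /[.-]/)
            for (i = 1; i <= (n > m ? n : m); i++) {
                if (a[i] + 0 > b[i] + 0) exit 0
                if (a[i] + 0 < b[i] + 0) exit 1
            }
            exit 0
        }'
    fi
}

# kernel_state INSTALLED RUNNING FLAVOUR
#   INSTALLED: version of linux-image-2.6.27-11-FLAVOUR, empty if not installed
#   RUNNING:   output of uname -r, which carries only the ABI name
kernel_state() {
    if [ -z "$1" ]; then
        echo "fixed-package-missing"
    elif ! version_ge "$1" "$FIXED_VERSION"; then
        echo "installed-but-outdated"
    elif [ "$2" != "2.6.27-11-$3" ]; then
        echo "reboot-needed"          # fixed kernel on disk, old one in memory
    else
        echo "running-fixed-abi"
    fi
}

# Live check for the generic flavour on a dpkg-based host.
audit_this_host() {
    v=$(dpkg-query -W -f='${Version}' linux-image-2.6.27-11-generic 2>/dev/null) || v=""
    kernel_state "$v" "$(uname -r)" generic
}

# Constructed inputs: package updated, but the host has not been rebooted yet.
kernel_state "2.6.27-11.27" "2.6.27-9-generic" generic
```

Call audit_this_host on the machine itself to run the same classification against real dpkg and uname data.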
