Flubber
Posted February 25, 2011

Ubuntu Security Notice. This concerns Ubuntu 6.06 LTS, which is quite old, but if anyone is still using it (reason: a low-performance system?), an update & upgrade is recommended.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  linux-image-2.6.15-55-386 2.6.15-55.93
  linux-image-2.6.15-55-686 2.6.15-55.93
  linux-image-2.6.15-55-amd64-generic 2.6.15-55.93
  linux-image-2.6.15-55-amd64-k8 2.6.15-55.93
  linux-image-2.6.15-55-amd64-server 2.6.15-55.93
  linux-image-2.6.15-55-amd64-xeon 2.6.15-55.93
  linux-image-2.6.15-55-hppa32 2.6.15-55.93
  linux-image-2.6.15-55-hppa32-smp 2.6.15-55.93
  linux-image-2.6.15-55-hppa64 2.6.15-55.93
  linux-image-2.6.15-55-hppa64-smp 2.6.15-55.93
  linux-image-2.6.15-55-itanium 2.6.15-55.93
  linux-image-2.6.15-55-itanium-smp 2.6.15-55.93
  linux-image-2.6.15-55-k7 2.6.15-55.93
  linux-image-2.6.15-55-mckinley 2.6.15-55.93
  linux-image-2.6.15-55-mckinley-smp 2.6.15-55.93
  linux-image-2.6.15-55-powerpc 2.6.15-55.93
  linux-image-2.6.15-55-powerpc-smp 2.6.15-55.93
  linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.93
  linux-image-2.6.15-55-server 2.6.15-55.93
  linux-image-2.6.15-55-server-bigiron 2.6.15-55.93
  linux-image-2.6.15-55-sparc64 2.6.15-55.93
  linux-image-2.6.15-55-sparc64-smp 2.6.15-55.93

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3086)

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859)

Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3873)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880)

Dan Rosenberg discovered that the SiS video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4078)

Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, CVE-2010-4081)

Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4083)

James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-4157)

Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to crash the kernel, or possibly gain root privileges. (CVE-2010-4160)

Via RSS.