Canonical has released a security notice announcing the presence of kernel vulnerabilities in recent Ubuntu distributions. The vulnerability affects Ubuntu 6.06, 8.04, 8.10, 9.04 and 9.10 versions, but not Ubuntu 7.04 or Ubuntu 7.10 versions. The security notice mentions that corresponding versions of other desktop environment based distributions of the Ubuntu family, Kubuntu, Edubuntu and Xubuntu are also affected. As part of the advisory, Canonical has recommended an immediate update of the kernel to versions mentioned below:

• Ubuntu 6.06 update to linux-image-2.6.15-55.82
• Ubuntu 8.04 update to linux-image-2.6.24-27.65
• Ubuntu 8.10 update to linux-image-2.6.28-17.45
• Ubuntu 9.04 update to linux-image-2.6.28-18.59
• Ubuntu 9.10 update to linux-image-2.6.31-19.56

The vulnerabilities which affects various modules would cause amongst others, remote user being about to crash the system, gain root privileges and local attacker being able to consume all network traffic leading to denial of service.

The Common Vulnerabilities and Exposures(CVEs) which are referenced for the above security bulletin are:

• CVE-2009-4020
• CVE-2009-4021
• CVE-2009-4031
• CVE-2009-4138
• CVE-2009-4141
• CVE-2009-4308
• CVE-2009-4536
• CVE-2009-4538
• CVE-2010-0003
• CVE-2010-0006
• CVE-2010-0007
• CVE-2010-0291

The details of each of these CVEs can be obtained at Secunia Advisories.

Users of the above mentioned distributions are recommended to update their kernel images to to above mentioned versions. Please note that a reboot will be required following the update. Canonical also mentions that all third-party kernel modules will most likely require recompilation and reinstall following the update to the kernel.