Kernel Vulnerabilities Detected In Recent Ubuntu Distributions
By on February 6th, 2010

Canonical has released a security notice announcing the presence of kernel vulnerabilities in recent Ubuntu distributions. The vulnerability affects Ubuntu 6.06, 8.04, 8.10, 9.04 and 9.10 versions, but not Ubuntu 7.04 or Ubuntu 7.10 versions. The security notice mentions that corresponding versions of other desktop environment based distributions of the Ubuntu family, Kubuntu, Edubuntu and Xubuntu are also affected. As part of the advisory, Canonical has recommended an immediate update of the kernel to versions mentioned below:

  • Ubuntu 6.06 update to linux-image-2.6.15-55.82
  • Ubuntu 8.04 update to linux-image-2.6.24-27.65
  • Ubuntu 8.10 update to linux-image-2.6.28-17.45
  • Ubuntu 9.04 update to linux-image-2.6.28-18.59
  • Ubuntu 9.10 update to linux-image-2.6.31-19.56

The vulnerabilities which affects various modules would cause amongst others, remote user being about to crash the system, gain root privileges and local attacker being able to consume all network traffic leading to denial of service.

The Common Vulnerabilities and Exposures(CVEs) which are referenced for the above security bulletin are:

  • CVE-2009-4020
  • CVE-2009-4021
  • CVE-2009-4031
  • CVE-2009-4138
  • CVE-2009-4141
  • CVE-2009-4308
  • CVE-2009-4536
  • CVE-2009-4538
  • CVE-2010-0003
  • CVE-2010-0006
  • CVE-2010-0007
  • CVE-2010-0291

The details of each of these CVEs can be obtained at Secunia Advisories.

Users of the above mentioned distributions are recommended to update their kernel images to to above mentioned versions. Please note that a reboot will be required following the update. Canonical also mentions that all third-party kernel modules will most likely require recompilation and reinstall following the update to the kernel.

Tags: , ,
Author: Sathya Bhat Google Profile for Sathya Bhat
Sathyajith aka "Sathya" or "cpg" loves working on computers, and actively participates in many online communities. Sathya is a Community Moderator on Super User, a collaboratively maintained Q&A site which is part of the Stack Exchange network. Sathya also contributes to and is a Super Moderator at Chip India Forums. While not writing SQL queries or coding in PL/SQL, Sathya is also a gamer, a Linux enthusiast, and maintains a blog on Linux & OpenSource. You can reach Sathya on twitter.

Sathya Bhat has written and can be contacted at sathya@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN