On Tuesday, Canonical released a kernel patch to address security issues in the 6.06, 7.04, 7.10 and 8.04 releases of Ubuntu, Edubuntu and Xubuntu. The vulnerability could allow an attacker to execute arbitrary code as root, or crash the system, leading to a denial of service.
The updates address flaws that are described in CVE-2008-2812, CVE-2008-2931, CVE-2008-3272, and CVE-2008-3275.
“It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code,” explained Ubuntu Security Notice USN-637-1. The flaw isn’t a remote vulnerability, but an attacker who gained access to the system would have complete access to exploit it.
In addition to the kernel vulnerability, the update fixes a few minor flaws, such as a problem in the do_change_type routine, which did not correctly validate administrative users, and a problem in the OSS interface through ALSA, which did not correctly validate device numbers.
A third fix addresses an issue where new directory entries could be added to an already deleted directory. “A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service,” the advisory reports.
Finally, a bug known to cause infinite loops in the writev syscall was also patched in the release.