[Note] Ubuntu detects kernel security vulnerabilities that affect all versions

Source: Internet
Author: User
Tags xen hypervisor
On July 6, November 27, Ubuntu developers released important security updates for versions 6.06LTS, 7.10, 8.04LTS, and 8.10, and patches fixed nine kernel security issues, therefore, we strongly recommend that Ubuntu users upgrade their systems as soon as possible. list of kernel Security Vulnerabilities 1. theXenhypervisorblockdrivercouldn 'taccuratelyvalidateincomingreque

In November 27, the Ubuntu developer6.06 LTS, 7.10, 8.04 LTS, and 8.10 released important security updates and patches fixed nine kernel security issues.Therefore, we strongly recommend that Ubuntu users upgrade their systems as soon as possible.

List of kernel Security Vulnerabilities 1. the Xen hypervisor block driver couldn't accurately validate incoming requests. therefore, a user with root privileges cocould crash a system and cause a DoS (Denial of Service) attack by executing malicious I/O requests. this issue affects only Ubuntu 7.10. 2. the i915 video driver couldn't accurately validate memory addresses. therefore, an attacker cocould remap memory and cause a system Crash, leading to a DoS (Denial of Service) attack. ubuntu 6.06 LTS, 7.10 and 8.04 LTS users are not affected by this issue. ubuntu 8.10 users shocould update their systems to correct this vulnerability! 3. when files were created in the setgid directories, the Linux kernel package couldn't accurately strip permissions. because of this, a local user cocould gain extra group privileges. this issue was discovered by David Watson and it affects only Ubuntu 6.06 LTS users! 4. when file splice requests were handled, the Linux kernel package couldn't accurately reject the "append" flag. therefore, a local attacker cocould create changes to random locations in a file by bypassing the append mode. this issue was discovered by Olaf Kirch and Miklos Szeredi, and affects only Ubuntu 7.10 and 8.04 LTS users! 5. the SCTP stack couldn't accurately handle INIT-ACK. because of this, a remote user cocould send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. this issue affects only Ubuntu 8.10 users! 6. the SCTP stack couldn't accurately handle the length of bad packets. because of this, a remote user cocould send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. this issue affects only Ubuntu 8.10 users! 7. the HFS + filesystem had several flaws. because of this, a user cocould be tricked to mount a malicious HFS + filesystem, which cocould lead to a DoS (Denial of Service) attack and crash the system. this issue was discovered by Eric Sesterhenn, and affects all Ubuntu users! 8. the Unix Socket handler couldn't accurately process the SCM_RIGHTS message. therefore, a local attacker cocould create a malicious socket request and crash the system, leading to a DoS (Denial of Service) attack. this issue affects all Ubuntu users! 9. the i2c audio driver couldn't accurately validate several function pointers. therefore, a local users cocould obtain root privileges and crash the system, leading to a DoS (Denial of Service) attack. this issue affects all Ubuntu users! Ubuntu 6.06 LTS upgrade kernel to linux-image-2.6.15-53.74Ubuntu 7.10 upgrade kernel to linux-image-2.6.22-16.60Ubuntu 8.04 LTS upgrade kernel to LTS linux-image-2.6.24-22.45Ubuntu 8.10 upgrade kernel to linux-image-2.6.27-9.19

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.