Post #1
 Post subject: Repost: Ubuntu 6.06, 8.04, 8.10 kernel security update 20090702
Posted: 2009-07-02 23:40
Repost: Ubuntu 6.06, 8.04, 8.10 kernel security update 20090702
Mainly fixes 15 security issues

Original source:
http://news.softpedia.com/news/New-Kern ... 5673.shtml
-----------------------------------------
New Kernel Vulnerabilities Affect Ubuntu 6.06, 8.04, 8.10 and 9.04 OSes

All Ubuntu users should update their systems as soon as possible


By Marius Nestor, Linux Editor

2nd of July 2009, 11:00 GMT

Earlier today, Canonical announced the availability of a major security update for the following Ubuntu distributions: 6.06 LTS, 8.04 LTS, 8.10 and 9.04 (also applies to Kubuntu, Edubuntu and Xubuntu). The update patches no more than 15 security issues (see below for details) discovered in the Linux kernel packages by various hackers. Therefore, it is strongly recommended to update your system as soon as possible!

The following Linux kernel vulnerabilities will be fixed:

1. When root_squash was active, NFS clients could create device nodes. This could lead to loss of privacy. The issue was discovered by Igor Zhbanov, and affects only Ubuntu 8.10 and 9.04 users.

2. SELinux failed to handle various network checks if compat_net=1 was enabled. Because of this, network checks could be bypassed by a local attacker. The issue was discovered by Dan Carpenter, and affects only Ubuntu 8.10 and 9.04 users.

3. Memory was incorrectly initialized in the AGP subsystem, which could lead to loss of privacy. The issue was discovered by Shaohua Li.

4. The VMX implementation of KVM failed to handle various registers. This could lead to a DoS attack and crash the affected system. The issue was discovered by Benjamin Gilbert, and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users (32-bit versions).

5. The Amateur Radio X.25 Packet Layer Protocol failed to validate various fields, which could lead to loss of privacy. The issue was discovered by Thomas Pollet.

6. NFS failed to handle long filenames. This could lead to a DoS attack and crash the affected system. The issue was discovered by Trond Myklebust, and affects only Ubuntu 6.06 LTS users.

7. The Linux kernel failed to handle CAP_KILL and it could lead to a DoS attack. The issue was discovered by Oleg Nesterov.

8. Signal handling was incorrectly limited to process namespaces, which could lead to a DoS attack. The issue was discovered by Daniel Hokka Zakrisson, and affects only Ubuntu 8.04 LTS users.

9. Support for network namespace in IPv6 was incorrectly handled. This could lead to a DoS attack and crash the affected system. The issue was discovered by Pavel Emelyanov, and affects only Ubuntu 8.10 and 9.04 users.

10. The e1000 network driver failed to validate various fields. This could lead to a DoS attack and crash the affected system. The issue was discovered by Neil Horman.

11. CIFS failed to check the lengths when various mount requests were handled. Because of this, restricted applications could be executed. This could lead to a DoS attack and crash the affected system. The issue was discovered by Pavan Naregundi.

12. NFSv4 failed to handle execute permissions. The issue was discovered by Simon Vallet and Frank Filz.

13. Buffer overflows were discovered in the code of the CIFS client. This could lead to a system crash. The issue was discovered by Jeff Layton and Suresh Jayaraman.

14. On Sparc architecture, the /proc/iomem was incorrectly initialized. This could lead to a DoS attack and crash the affected system. The issue was discovered by Mikulas Patocka, and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.

15. OCFS2 failed to handle various splice operations. This could lead to a DoS attack and hang the affected system. The issue was discovered by Miklos Szeredi, and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.

The above Linux kernel vulnerabilities can be fixed if you update your system today to the following specific packages:

• For Ubuntu 6.06 LTS, users should update their kernel packages to linux-image-2.6.15-54.77

• For Ubuntu 8.04 LTS, users should update their kernel packages to linux-image-2.6.24-24.55

• For Ubuntu 8.10, users should update their kernel packages to linux-image-2.6.27-14.35

• For Ubuntu 9.04, users should update their kernel packages to linux-image-2.6.28-13.45

Don't forget to reboot your computer after this update! You can verify the kernel version by typing the sudo dpkg -l linux-image-2.6.28-13-generic command in a terminal (the example is for Ubuntu 9.04 users ONLY).

ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a piece of software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.

Get the latest version of Ubuntu right now from Softpedia. Don't forget to share it with your friends and family!


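An added example (not part of the article or of the forum post): a Python check that takes `dpkg -l` output and the `uname -r` string, compares them against the fixed versions the article lists, and separates "update installed" from "update installed and actually running", which is the gap the reboot reminder is about. The sample `dpkg -l` lines are constructed, and the numeric version comparison is a simplification that assumes plain versions like those in the article (no epochs or `~` suffixes).

```python
import re

# Fixed kernel package versions per Ubuntu release, copied from the article above.
FIXED = {
    "6.06": "2.6.15-54.77",
    "8.04": "2.6.24-24.55",
    "8.10": "2.6.27-14.35",
    "9.04": "2.6.28-13.45",
}

# Constructed sample of `dpkg -l` output on a 9.04 host (not real captured output).
SAMPLE_DPKG = """\
ii  linux-image-2.6.28-11-generic  2.6.28-11.42  Linux kernel image (constructed line)
ii  linux-image-2.6.28-13-generic  2.6.28-13.45  Linux kernel image (constructed line)
rc  linux-image-2.6.27-7-generic   2.6.27-7.16   removed, config remains (constructed line)
"""

def vkey(version):
    """Turn '2.6.28-13.45' into (2, 6, 28, 13, 45) for numeric comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def installed_images(dpkg_output):
    """Return {package: version} for fully installed ('ii') versioned kernel images."""
    found = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if (len(fields) >= 3 and fields[0] == "ii"
                and re.match(r"linux-image-\d", fields[1])):
            found[fields[1]] = fields[2]
    return found

def check(release, dpkg_output, running):
    """Classify a host as 'vulnerable', 'reboot-needed' or 'patched'.

    running is the `uname -r` string, e.g. '2.6.28-13-generic'.
    """
    fixed = vkey(FIXED[release])
    patched = [pkg for pkg, ver in installed_images(dpkg_output).items()
               if vkey(ver) >= fixed]
    if not patched:
        return "vulnerable"
    # The package is named 'linux-image-<uname -r>', so the running kernel is
    # only covered when its own package carries a fixed version.
    if "linux-image-" + running in patched:
        return "patched"
    return "reboot-needed"

if __name__ == "__main__":
    print(check("9.04", SAMPLE_DPKG, "2.6.28-11-generic"))
```
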
 
Post #2
 Post subject: Re: Repost: Ubuntu 6.06, 8.04, 8.10 kernel security update 20090702
Posted: 2009-07-03 0:03
My English isn't very good. This is quite hard for me to read.


 
Post #3
 Post subject: Re: Repost: Ubuntu 6.06, 8.04, 8.10 kernel security update 20090702
Posted: 2009-07-03 13:48
Let me bump this first. Hehe.

