Ubuntu has released updated packages to correct multiple vulnerabilities identified in Kernel.
The first issue is due to an error in the "sys_set_mempolicy()" function that does not properly handle negative arguments, which could be exploited by local attackers to cause a denial of service.
The second flaw is due to a race condition error in the handling of shared memory mappings with CLONE_VM, which could be exploited by local attackers to cause a denial of service.
The third vulnerability is due to a race condition error in the handling of traced processes, which could be exploited by local attackers to cause a denial of service.
The fourth issue is due to an error in the "ioremap" module (amd64 platform) that does not properly handle certain IO mapping operations, which could be exploited by local attackers to cause a denial of service or disclose sensitive information.
The fifth flaw resides in the HFS and HFS+ file system drivers that do not properly verify that the file system that was attempted to be mounted really was HFS/HFS+, which could be exploited by a malicious user to cause a kernel crash.
The sixth flaw is due to a race condition in the "ebtables" netfilter module on multiprocessor machines (SMP), which could be exploited by remote attackers to cause a denial of service.
The seventh issue is due to a memory leak in the system call auditing code, which could be exploited by local attackers to cause a denial of service.
Credits
Vulnerabilities reported by Steve Herrel and Robert Derr
ChangeLog
2005-10-10 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
