Ubuntu
linux-source-2.6.15 package

[CVE-2008-3272, -3496, -3534, -3535] Multiple vulnerabilities in the Linux kernel

Bug #256632 reported by Till Ulen
258
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Declined for Feisty by Kees Cook
Declined for Gutsy by Kees Cook
Dapper
Invalid
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned
linux-source-2.6.15 (Ubuntu)
Invalid
Undecided
Unassigned
Declined for Feisty by Kees Cook
Declined for Gutsy by Kees Cook
Dapper
Fix Released
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
Intrepid
Invalid
Undecided
Unassigned

Bug Description

CVE-2008-3272 preliminary description:

"The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3272

CVE-2008-3496 description:

"Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3496

CVE-2008-3534 description:

"The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534

CVE-2008-3535 description:

"Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3535

Tags: cft-2.6.27
Revision history for this message
Till Ulen (tillulen) wrote :

Adding CVE references: CVE-2008-3272, CVE-2008-3496, CVE-2008-3534, CVE-2008-3535

Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are one of two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreicate your help and feedback.

Revision history for this message
Neil Munro (neilmunro-deactivatedaccount) wrote :

The Intrepid Ibex 8.10 Beta release was most recently announced - http://www.ubuntu.com/testing/intrepid/beta . It contains the 2.6.27 Ubuntu kernel. It would be great if you could test and verify if this is still an issue. The status is being set to Incomplete until we receive further feedback. Thanks.

Changed in linux:
status: New → Incomplete
Changed in linux-source-2.6.15:
status: New → Incomplete
Kees Cook (kees)
Changed in linux-source-2.6.15:
status: Incomplete → Invalid
status: New → Invalid
Revision history for this message
Kees Cook (kees) wrote :

Published: http://www.ubuntu.com/usn/usn-659-1

Changed in linux:
status: New → Invalid
status: New → Fix Released
status: Incomplete → Fix Released
Changed in linux-source-2.6.15:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.