Saturday, June 30, 2007

Ubuntu: New kernel 2.6.20.5-16.29

A new kernel version everyone, they've patched some madwifi vulnerabilities as far as I know. May the aptitude be with you! :)

=========================================================== Ubuntu Security Notice USN-479-1 June 28, 2007 linux-restricted-modules-2.6.15/.17/.20 vulnerabilities CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2006-7180, CVE-2007-2829, CVE-2007-2830, CVE-2007-2831 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS:

linux-restricted-modules-2.6.15-28-386 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-686 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-amd64-generic 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-amd64-k8 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-amd64-xeon 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-k7 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-powerpc 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-powerpc-smp 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-sparc64 2.6.15.12-28.2 linux-restricted-modules-2.6.15-28-sparc64-smp 2.6.15.12-28.2 Ubuntu 6.10: linux-restricted-modules-2.6.17-11-386 2.6.17.8-11.2 linux-restricted-modules-2.6.17-11-generic 2.6.17.8-11.2 linux-restricted-modules-2.6.17-11-powerpc 2.6.17.8-11.2 linux-restricted-modules-2.6.17-11-powerpc-smp 2.6.17.8-11.2 linux-restricted-modules-2.6.17-11-powerpc64-smp 2.6.17.8-11.2 linux-restricted-modules-2.6.17-11-sparc64 2.6.17.8-11.2 linux-restricted-modules-2.6.17-11-sparc64-smp 2.6.17.8-11.2 Ubuntu 7.04: linux-restricted-modules-2.6.20-16-386 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-generic 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-lowlatency 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-powerpc 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-powerpc-smp 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-powerpc64-smp 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-sparc64 2.6.20.5-16.29 linux-restricted-modules-2.6.20-16-sparc64-smp 2.6.20.5-16.29

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:
Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830)
A flaw was discovered in the MadWifi driver that would allow unencrypted network traffic to be sent prior to finishing WPA authentication. A physically near-by attacker could capture this, leading to a loss of privacy, denial of service, or network spoofing. (CVE-2006-7180)
A flaw was discovered in the MadWifi driver's ioctl handling.A local attacker could read kernel memory, or crash the system, leading to a denial of service. (CVE-2007-2831)

No comments: