Ubuntu Update for Linux kernel vulnerabilities USN-464-1

Please Install the Updated Packages.

Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. (CVE-2007-1357) Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verifiy option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. (CVE-2007-1388) A Denial of Service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. (CVE-2007-1496) The connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the 'established' state. A remote attacker could exploit this to bypass intended firewall rules. (CVE-2007-1497) Masayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. (CVE-2007-1592) The do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. (CVE-2007-1730) The IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel. (CVE-2007-2172)

linux-source-2.6.15/2.6.17/2.6.20 vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 6.10 , Ubuntu 7.04

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-May/000536.html

---

Updated on 2015-03-25