Ubuntu Update for Linux kernel vulnerabilities USN-470-1

Please Install the Updated Packages.

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For more information see: <A HREF='https://launchpad.net/bugs/117314'>https://launchpad.net/bugs/117314</A> <A HREF='https://wiki.ubuntu.com/UsingUUID'>https://wiki.ubuntu.com/UsingUUID</A> Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

linux-source-2.6.20 vulnerabilities on Ubuntu 7.04