Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-470-1)

Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some
additional code changes were accidentally included in the Feisty
update which caused trouble for some people who were not using
UUID-based filesystem mounts. These changes have been reverted. We
apologize for the inconvenience. For more information see:
https://launchpad.net/bugs/117314 https://wiki.ubuntu.com/UsingUUID

Ilja van Sprundel discovered that Bluetooth setsockopt calls could
leak kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily
compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally,
systems without an entropy source would be seeded with the same inputs
at boot time, leading to a repeatable series of random numbers.
(CVE-2007-2453).

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28071 ()

Bugtraq ID:

CVE ID: CVE-2007-1353
CVE-2007-2451
CVE-2007-2453