Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-470-1)

Ubuntu Security Notice (C) 2007-2015 Canonical, Inc. / NASL script (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some
additional code changes were accidentally included in the Feisty
update which caused trouble for some people who were not using
UUID-based filesystem mounts. These changes have been reverted. We
apologize for the inconvenience. For more information see:
https://launchpad.net/bugs/117314 and https://wiki.ubuntu.com/UsingUUID

Ilja van Sprundel discovered that Bluetooth setsockopt calls could
leak kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.

The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily
compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally,
systems without an entropy source would be seeded with the same inputs
at boot time, leading to a repeatable series of random numbers.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28071

Bugtraq ID: 24390

CVE ID: CVE-2007-1353