USN-47-1: Linux kernel vulnerabilities
Publication date
23 December 2004
Overview
Linux kernel vulnerabilities
Releases
Details
Georgi Guninski discovered two Denial of Service vulnerabilities in
the Linux kernel.
An integer overflow in the vc_resize() function caused the memory
allocation for the new screen being too short, thus causing a buffer
overflow and a kernel crash.
There was also a memory leak in the ip_options_get() function. Calling
ip_cmsg_send() very often would gradually exhaust memory.
Note: The original advisory (see URL above) also mentions a
"ip_options_get integer overflow". This was already fixed in USN-38-1
(known as CAN-2004-1016).
Georgi Guninski discovered two Denial of Service vulnerabilities in
the Linux kernel.
An integer overflow in the vc_resize() function caused the memory
allocation for the new screen being too short, thus causing a buffer
overflow and a kernel crash.
There was also a memory leak in the ip_options_get() function. Calling
ip_cmsg_send() very often would gradually exhaust memory.
Note: The original advisory (see URL above) also mentions a
"ip_options_get integer overflow". This was already fixed in USN-38-1
(known as CAN-2004-1016).
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.