[linux-source] several local vulnerabilities

Hi hk47,

Thank you for the report. I just wanted to give you a quick update. I've spoken with the Ubuntu Security Team and was informed that two of the CVE's are fixed in dapper-gutsy and that they'd be sure to take care of the rest. Thanks!

Thanks for the info.

Since nobody has complained that I've been "spamming" Ubuntu's bugtracker with security advisories from other distributions (well, mostly Debian) , I'll continue to do so as available time permits.

Especially for kernel-related advisories with multiple CVEs, I hope it's allright to ignore the rule saying "one report for one issue", since the bugs usually already have been CVEd, so that the reports should be seen as a humble "could someone please have a look at this and see if Ubuntu is also affected".

Adding CVE-2008-0007 from SUSE-SA:2008:006 (http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html).

Quoting SUSE-SA:2008:006:
"Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory."

Quoting CVE-2008-0007:
"Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset."

Oops, CVE-2008-0007 was already listed under CVE references. Well, so I've just added some additional info.

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are one of two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreicate your help and feedback.

These were fixed a while ago in:
 http://www.ubuntu.com/usn/usn-618-1
 http://www.ubuntu.com/usn/usn-574-1
 http://www.ubuntu.com/usn/usn-578-1