Security flaw present in most Ubuntu installs

Severe security flaws were found in the kernel for most Ubuntu installs. If you're one of the open-source supporters using Ubuntu versions 6.06 LTS, 7.04, 7.10, or 8.04 LTS it's best to patch. The actual problems are interesting. The flaw opens up the user to a multitude of attacks all of which are listed after the jump.

First, a null-pointer function derefrences in the terminal handling code. This opens up the door for an attacker to either crash the system or execute code as the root user (if I were an attacker, I'd probably choose the second one).

A second flaw allows an attacker to block mount points or share private mount points. This flaw opens the door for denial of service attacks and also has the potential to expose private data. It is caused by a function which is supposed to validate administrator permissions, but does not do this correctly.

A bug in the ALSA mixer (which is one of the main sound mixers and the default for most purposes in Ubuntu)  causes it to incorrectly validate device numbers in certan situations. An attacker can use this to expose kernel memory in Linux, which opens the door to all sorts of trouble.

A problem discovered by Zoltan Sogor would allow someone to fill deleted directories with directories, which could fill the hard drive and cause a denial of service to users.

Further, these updates also address an issue which was causing an infinite loop in the writev system call.

Most of these vectors are only available to local users, so you're probably safe if it's incontinent for you to patch and you're a home user. However, we strongly recommend those of who who use Ubuntu for servers apply the updates right away. They will require a restart so you may need to schedule the downtime.

Overall, this update is a 3/5 on the ARSON News severity scale.