[kernel-sec-discuss] r1356 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Tue May 5 06:22:13 UTC 2009 

Author: dannf
Date: 2009-05-05 06:22:13 +0000 (Tue, 05 May 2009)
New Revision: 1356

Added:
   dsa-texts/2.6.18.dfsg.1-24etch2
Log:
start new draft

Copied: dsa-texts/2.6.18.dfsg.1-24etch2 (from rev 1355, dsa-texts/2.6.18.dfsg.1-23etch1)
===================================================================
--- dsa-texts/2.6.18.dfsg.1-24etch2	                        (rev 0)
+++ dsa-texts/2.6.18.dfsg.1-24etch2	2009-05-05 06:22:13 UTC (rev 1356)
@@ -0,0 +1,191 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           dann frazier
+May 5, 2009                         http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : denial of service/privilege escalation/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702
+                 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031
+                 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676
+                 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265
+                 CVE-2009-1336 CVE-2009-1337 CVE-2009-1439
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service or privilege escalation. The Common
+Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2008-4307
+
+    Bryn M. Reeves reported a denial of service in the NFS filesystem.
+    Local users can trigger a kernel BUG() due to a race condition in
+    the do_setlk function.
+
+CVE-2008-5395
+
+    Helge Deller discovered a denial of service condition that allows
+    local users on PA-RISC systems to crash a system by attempting to
+    unwind a stack contiaining userspace addresses.
+
+CVE-2008-5701
+
+    Vlad Malov reported an issue on 64-bit MIPS systems where a local
+    user could cause a system crash by crafing a malicious binary
+    which makes o32 syscalls with a number less than 4000.
+
+CVE-2008-5702
+
+    Zvonimir Rakamaric reported an off-by-one error in the ib700wdt
+    watchdog driver which allows local users to cause a buffer
+    underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl
+    call.
+
+CVE-2008-5713
+
+    Flavio Leitner discovered that a local user can cause a denial
+    of service by generating large amounts of traffic on a large SMP
+    system, resulting in soft lockups.
+
+CVE-2009-0028
+
+    Chris Evans discovered a situation in which a child process can
+    send an arbitrary signal to its parent.
+
+CVE-2009-0029
+
+    Christian Borntraeger discovered an issue effecting the alpha,
+    mips, powerpc, s390 and sparc64 architectures that allows local
+    users to cause a denial of service or potentially gain elevated
+    privileges.
+
+CVE-2009-0031
+
+    Vegard Nossum discovered a memory leak in the keyctl subsystem
+    that allows local users to cause a denial of service by consuming
+    all of kernel memory.
+
+CVE-2009-0065
+
+    Wei Yongjun discovered a memory overflow in the SCTP
+    implementation that can be triggered by remote users, permitting
+    remote code execution.
+    
+CVE-2009-0322
+
+    Pavel Roskin provided a fix for an issue in the dell_rbu driver
+    that allows a local user to cause a denial of service (oops) by
+    reading 0 byts from a sysfs entry.
+
+CVE-2009-0675
+
+    Roel Kluin discovered inverted logic in the skfddi driver that
+    permits local, unprivileged users to reset the driver statistics.
+
+CVE-2009-0676
+
+    Clement LECIGNE discovered a bug in the sock_getsockopt function
+    that may result in leaking sensitive kernel memory.
+
+CVE-2009-0834
+
+    Roland McGrath discovered an issue on amd64 kernels that allows
+    local users to circumvent system call audit configurations which
+    filter based on the syscall numbers or argument details.
+
+CVE-2009-0859
+
+    Jiri Olsa discovered that a local user can cause a denial of
+    service (system hang) using a SHM_INFO shmctl call on kernels
+    compiled with CONFIG_SHMEM disabled. This issue does not affect
+    prebuilt Debian kernels.
+
+CVE-2009-1192
+
+    Shaohua Li reported an issue in the AGP subsystem they may allow
+    local users to read sensitive kernel memory due to a leak of
+    uninitialized memory.
+
+CVE-2009-1265
+
+    Thomas Pollet reported an overflow in the af_rose implementation
+    that allows remote attackers to retrieve uninitialized kernel
+    memory that may contain sensitive data.
+
+CVE-2009-1336
+
+    Trond Myklebust reported an issue in the encode_lookup() function in
+    the nfs server subsystem that allows local users to cause a denial
+    of service (oops in encode_lookup()) by use of a long filename.
+    
+CVE-2009-1337
+
+    Oleg Nesterov discovered an issue in the exit_notify function that
+    allows local users to send an arbitrary signal to a process by
+    running a program that modifies the exit_signal field and then
+    uses an exec system call to launch a setuid application.
+
+CVE-2009-1439
+
+    Pavan Naregundi reported an issue in the CIFS filesystem code that
+    allows remote users to overwrite memory via a long
+    nativeFileSystem field in a Tree Connect response during mount.
+
+For the oldstable distribution (etch), this problem has been fixed in
+version 2.6.18.dfsg.1-24etch2.
+
+We recommend that you upgrade your linux-2.6, fai-kernels, and
+user-mode-linux packages.
+
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity
+security issues are discovered in the kernel and the resource
+requirements of doing an update, updates for lower priority issues
+will normally not be released for all kernels at the same time. Rather,
+they will be released in a staggered or "leap-frog" fashion.
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+The following matrix lists additional source packages that were rebuilt for
+compatability with or to take advantage of this update:
+
+                                             Debian 4.0 (etch)
+     fai-kernels                             1.17+etch.24etch2
+     user-mode-linux                         2.6.18-1um-2etch.24etch2
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
+
+[FILL IN]
+
+  These changes will probably be included in the oldstable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ oldstable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/oldstable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

More information about the kernel-sec-discuss mailing list