[kernel-sec-discuss] r2167 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Wed Jan 26 02:02:19 UTC 2011


Author: dannf
Date: 2011-01-26 02:02:15 +0000 (Wed, 26 Jan 2011)
New Revision: 2167

Added:
   dsa-texts/2.6.26-26lenny2
Log:
first draft of advisory text for 2.6.26-26lenny2

Copied: dsa-texts/2.6.26-26lenny2 (from rev 2163, dsa-texts/2.6.26-26lenny1)
===================================================================
--- dsa-texts/2.6.26-26lenny2	                        (rev 0)
+++ dsa-texts/2.6.26-26lenny2	2011-01-26 02:02:15 UTC (rev 2167)
@@ -0,0 +1,190 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           dann frazier
+January XX, 2011                    http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2010-4158 CVE-2010-4162 CVE-2010-4163 CVE-2010-4242
+                 CVE-2010-4248 CVE-2010-0435 CVE-2010-4243 CVE-2010-4249
+                 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 CVE-2010-4565
+                 CVE-2010-4649 CVE-2010-4668 CVE-2010-3699 CVE-2010-4526
+                 CVE-2010-4527 CVE-2010-4529 CVE-2011-0521
+Debian Bug(s)  :
+                 
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a privilege escalation, denial of service or information leak.  The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2010-0435
+
+    Gleb Napatov reported an issue in the KVM subsystem that allows virtual
+    machines to cause a denial of service of the host machine by executing
+    mov to/from DR instructions.
+
+CVE-2010-3699
+
+    Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can
+    cause a denial of service on the host by retaining a leaked reference to a
+    device. This can result in a zombie domain, xenwatch process hangs, and xm
+    command failures.
+
+CVE-2010-4158
+
+    Dan Rosenberg discovered an issue in the socket filters subsystem, allowing
+    local unprivileged users to obtain the contents of sensitive kernel memory.
+
+CVE-2010-4162
+
+    Dan Rosenberg discovered an overflow issue in the block I/O subsystem. that
+    allows local users to map large numbers of pages, resulting in a denial
+    of service due to invocation of the out of memory killer.
+
+CVE-2010-4163
+
+    Dan Rosenberg discovered an issue in the block I/O subsystem. Due to
+    improper validation of iov segments, local users can trigger a kernel
+    panic resulting in a denial of service.
+
+CVE-2010-4242
+
+    Alan Cox reported an issue in the Bluetooth subsystem. Local users with
+    sufficient permission to access HCI UART devices can cause a denial of
+    service (NULL pointer dereference) due to a missing check for an existing
+    tty write operation.
+
+CVE-2010-4243
+
+    Brad Spengler reported a denial-of-service issue in the kernel memory
+    accounting system. By  passing large argv/envp values to exec, local users
+    can cause the out of memory killer to kill processes owned by other
+    users.
+
+CVE-2010-4248
+
+    Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local
+    users can cause a denial of service (Oops) due to incorrect assumptions
+    about thread group leader behavior.
+
+CVE-2010-4249
+
+    Vegard Nossum reported an issue with the UNIX socket garbage collector.
+    Local users can consume all of LOWMEM and decrease system performance
+    by overloading the system with inflight sockets.
+
+CVE-2010-4258
+
+    Nelson Elhage reported an issue in Linux oops handling. Local users may
+    be able to obtain elevated privileges if they are able to trigger an
+    oops with a process's fs set to KERNEL_DS.
+
+CVE-2010-4342
+
+    Nelson Elhage reported an issue in the econet protocol. Remote attackers
+    can cause a denial of service by sending an Acorn Universal Networking
+    packet over UDP.
+
+CVE-2010-4346
+
+    Tavis Ormandy discovered an issue in the install_special_mapping routine
+    which allows local users to bypass the mmap_min_addr security restriction.
+    Combined with an otherwise low severity local denial of service
+    vulnerability (NULL pointer derefernce), a local user could obtain
+    elevated privileges.
+
+CVE-2010-4526
+
+    Eugene Teo reported a race condition in the Linux SCTP implementation.
+    Remote users can cause a denial of service (kernel memory corruption)
+    by transmitting an ICMP unreachable message to a locked socket.
+
+CVE-2010-4527
+
+    Dan Rosenberg reported two issues in the OSS soundcard driver. Local
+    users with access to the device (members of group 'audio' on default
+    Debian installations) may contain access to sensitive kernel memory
+    or cause a buffer overflow, potentially leading to an escalation of
+    privileges.
+
+CVE-2010-4529
+
+    Dan Rosenberg reported an issue in the Linux kernel IrDA socket
+    implementation on non-x86 architectures. Local users may be able
+    to gain access to sensitive kernel memory via a specially crafted
+    IRLMP_ENUMDEVICES getsockopt call.
+
+CVE-2010-4565
+
+    Dan Rosenberg reported an issue in the Linux CAN protocol implementation.
+    Local users can obtain the address of a kernel heap object which might
+    help facilitate system exploitation.
+
+CVE-2010-4649
+
+    Dan Carpenter reported an issue in the uverb handline of the
+    InfiniBand subsystem. A potential buffer overflow may allow local
+    users to cause a denial of service (memory corruption) by passing
+    in a large cmd.ne value.
+
+CVE-2010-4668
+
+    Dan Rosenberg reported an issue in the block subsystem. A local user
+    can cause a denial of service (kernel panic) by submitting certain
+    0-length I/O requests.
+
+CVE-2011-0521
+
+    Dan Carpenter reported an issue in the DVB driver for AV7110 cards.
+    Local users can pass a negative info->num value, corrupting kernel
+    memory and causing a denial of service.
+
+For the stable distribution (lenny), this problem has been fixed in version
+2.6.26-26lenny2.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 5.0 (lenny)
+     user-mode-linux                         2.6.26-1um-2+26lenny2
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
+Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
+mipsel, powerpc, s390 and sparc. The update for mips will be released once it
+becomes available.
+
+XXXX
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
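Review bot: In the CVE-2010-4527 entry, "may contain access to sensitive kernel memory" uses the wrong verb and should read "may obtain access"; as written, the sentence no longer states the information-leak impact. Other wording slips in the added text are worth fixing before release: the stray period in the CVE-2010-4162 entry ("block I/O subsystem. that allows"), "derefernce" in CVE-2010-4346, "uverb handline" in CVE-2010-4649, and the doubled space in "By  passing" in CVE-2010-4243. The closing sentence says "this problem has been fixed" although the advisory covers 19 CVE IDs, so "these problems have been fixed" fits better. The CVE Id(s) header is unsorted while the body entries are grouped by year and number; ordering the header the same way makes it easier to check that the two lists match. The DSA-XXXX-1, January XX and XXXX placeholders and the empty Debian Bug(s) field still need to be filled in.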



