[kernel-sec-discuss] r2167 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Wed Jan 26 02:02:19 UTC 2011
Author: dannf
Date: 2011-01-26 02:02:15 +0000 (Wed, 26 Jan 2011)
New Revision: 2167
Added:
dsa-texts/2.6.26-26lenny2
Log:
first draft of advisory text for 2.6.26-26lenny2
Copied: dsa-texts/2.6.26-26lenny2 (from rev 2163, dsa-texts/2.6.26-26lenny1)
===================================================================
--- dsa-texts/2.6.26-26lenny2 (rev 0)
+++ dsa-texts/2.6.26-26lenny2 2011-01-26 02:02:15 UTC (rev 2167)
@@ -0,0 +1,190 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security at debian.org
+http://www.debian.org/security/ dann frazier
+January XX, 2011 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service/information leak
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2010-4158 CVE-2010-4162 CVE-2010-4163 CVE-2010-4242
+ CVE-2010-4248 CVE-2010-0435 CVE-2010-4243 CVE-2010-4249
+ CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 CVE-2010-4565
+ CVE-2010-4649 CVE-2010-4668 CVE-2010-3699 CVE-2010-4526
+ CVE-2010-4527 CVE-2010-4529 CVE-2011-0521
+Debian Bug(s) :
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a privilege escalation, denial of service or information leak. The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2010-0435
+
+ Gleb Napatov reported an issue in the KVM subsystem that allows virtual
+ machines to cause a denial of service of the host machine by executing
+ mov to/from DR instructions.
+
+CVE-2010-3699
+
+ Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can
+ cause a denial of service on the host by retaining a leaked reference to a
+ device. This can result in a zombie domain, xenwatch process hangs, and xm
+ command failures.
+
+CVE-2010-4158
+
+ Dan Rosenberg discovered an issue in the socket filters subsystem, allowing
+ local unprivileged users to obtain the contents of sensitive kernel memory.
+
+CVE-2010-4162
+
+ Dan Rosenberg discovered an overflow issue in the block I/O subsystem. that
+ allows local users to map large numbers of pages, resulting in a denial
+ of service due to invocation of the out of memory killer.
+
+CVE-2010-4163
+
+ Dan Rosenberg discovered an issue in the block I/O subsystem. Due to
+ improper validation of iov segments, local users can trigger a kernel
+ panic resulting in a denial of service.
+
+CVE-2010-4242
+
+ Alan Cox reported an issue in the Bluetooth subsystem. Local users with
+ sufficient permission to access HCI UART devices can cause a denial of
+ service (NULL pointer dereference) due to a missing check for an existing
+ tty write operation.
+
+CVE-2010-4243
+
+ Brad Spengler reported a denial-of-service issue in the kernel memory
+ accounting system. By passing large argv/envp values to exec, local users
+ can cause the out of memory killer to kill processes owned by other
+ users.
+
+CVE-2010-4248
+
+ Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local
+ users can cause a denial of service (Oops) due to incorrect assumptions
+ about thread group leader behavior.
+
+CVE-2010-4249
+
+ Vegard Nossum reported an issue with the UNIX socket garbage collector.
+ Local users can consume all of LOWMEM and decrease system performance
+ by overloading the system with inflight sockets.
+
+CVE-2010-4258
+
+ Nelson Elhage reported an issue in Linux oops handling. Local users may
+ be able to obtain elevated privileges if they are able to trigger an
+ oops with a process's fs set to KERNEL_DS.
+
+CVE-2010-4342
+
+ Nelson Elhage reported an issue in the econet protocol. Remote attackers
+ can cause a denial of service by sending an Acorn Universal Networking
+ packet over UDP.
+
+CVE-2010-4346
+
+ Tavis Ormandy discovered an issue in the install_special_mapping routine
+ which allows local users to bypass the mmap_min_addr security restriction.
+ Combined with an otherwise low severity local denial of service
+ vulnerability (NULL pointer derefernce), a local user could obtain
+ elevated privileges.
+
+CVE-2010-4526
+
+ Eugene Teo reported a race condition in the Linux SCTP implementation.
+ Remote users can cause a denial of service (kernel memory corruption)
+ by transmitting an ICMP unreachable message to a locked socket.
+
+CVE-2010-4527
+
+ Dan Rosenberg reported two issues in the OSS soundcard driver. Local
+ users with access to the device (members of group 'audio' on default
+ Debian installations) may contain access to sensitive kernel memory
+ or cause a buffer overflow, potentially leading to an escalation of
+ privileges.
+
+CVE-2010-4529
+
+ Dan Rosenberg reported an issue in the Linux kernel IrDA socket
+ implementation on non-x86 architectures. Local users may be able
+ to gain access to sensitive kernel memory via a specially crafted
+ IRLMP_ENUMDEVICES getsockopt call.
+
+CVE-2010-4565
+
+ Dan Rosenberg reported an issue in the Linux CAN protocol implementation.
+ Local users can obtain the address of a kernel heap object which might
+ help facilitate system exploitation.
+
+CVE-2010-4649
+
+ Dan Carpenter reported an issue in the uverb handline of the
+ InfiniBand subsystem. A potential buffer overflow may allow local
+ users to cause a denial of service (memory corruption) by passing
+ in a large cmd.ne value.
+
+CVE-2010-4668
+
+ Dan Rosenberg reported an issue in the block subsystem. A local user
+ can cause a denial of service (kernel panic) by submitting certain
+ 0-length I/O requests.
+
+CVE-2011-0521
+
+ Dan Carpenter reported an issue in the DVB driver for AV7110 cards.
+ Local users can pass a negative info->num value, corrupting kernel
+ memory and causing a denial of service.
+
+For the stable distribution (lenny), this problem has been fixed in version
+2.6.26-26lenny2.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 5.0 (lenny)
+ user-mode-linux 2.6.26-1um-2+26lenny2
+
+Upgrade instructions
+--------------------
+
+wget url
+ will fetch the file for you
+dpkg -i file.deb
+ will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+ will update the internal database
+apt-get upgrade
+ will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
+Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
+mipsel, powerpc, s390 and sparc. The update for mips will be released once it
+becomes available.
+
+XXXX
+
+ These files will probably be moved into the stable distribution on
+ its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
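Review bot: Several wording errors in the per-CVE descriptions should be fixed before this draft goes out, one of which changes the meaning: in the CVE-2010-4527 entry, "may contain access to sensitive kernel memory" should read "may obtain access". In CVE-2010-4162, "block I/O subsystem. that allows" has a stray period that splits the sentence. CVE-2010-4346 has "derefernce" and CVE-2010-4649 has "uverb handline" (presumably "handling"). The closing sentence "this problem has been fixed in version 2.6.26-26lenny2" should be plural, since the advisory covers nineteen CVEs. The CVE Id(s) header is not in numeric order while the body entries are; sorting the header would make it easier to confirm that every listed id has a description. The placeholders DSA-XXXX-1, "January XX", and the bare XXXX under the lenny section are still unfilled, and "Debian Bug(s)" is empty.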