author | dann frazier <dannf@debian.org> | 2008-06-09 06:03:34 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2008-06-09 06:03:34 +0000 |
commit | 2df7e3b7a322c1b4ef3130b5f5b9a044a8d6f5f2 (patch) | |
tree | 645be1d4ce389ea63d277eae9eb9e6b110dee321 | |
parent | 9279ea921fc6c60b43d3e8343b4eef39f0b4b852 (diff) |
new dsa text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1179 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | dsa-texts/2.6.18.dfsg.1-18etch6 | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/dsa-texts/2.6.18.dfsg.1-18etch6 b/dsa-texts/2.6.18.dfsg.1-18etch6 new file mode 100644 index 00000000..2f6855b9 --- /dev/null +++ b/dsa-texts/2.6.18.dfsg.1-18etch6 
@@ -0,0 +1,80 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-1592-1 security@debian.org +http://www.debian.org/security/ dann frazier +Jun 08, 2008 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : heap overflow +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2008-1673 CVE-2008-2358 + +Two vulnerabilities have been discovered in the Linux kernel that may +lead to a denial of service or arbitrary code execution. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2008-1673 + + Wei Wang from McAfee reported a potential heap overflow in the ASN.1 + decode code that is used by the SNMP NAT and CIFS subsystems. + Exploitation of this issue may lead to arbitrary code execution. Note + that this issue is not believed to be exploitable with the pre-built + kernel images provided by Debian, but it might be an issue for custom + images built from the Debian-provided source package. + +CVE-2008-2358 + + Brandon Edwards of McAfee Avert labs discovered an issue in the + DCCP subsystem. Due to missing feature length checks it is possible + to cause an overflow they may result in remote arbitrary code execution. + +For the stable distribution (etch), this problem has been fixed in version +2.6.18.dfsg.1-18etch6. + +The linux-2.6/mipsel build was not yet available at the time of this advisory. +This advisory will be updated when this this build becomes available. + +We recommend that you upgrade your linux-2.6, fai-kernels, and +user-mode-linux packages. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. 
+ +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +The following matrix lists additional source packages that were rebuilt for +compatability with or to take advantage of this update: + + Debian 4.0 (etch) + fai-kernels 1.17+etch.18etch6 + user-mode-linux 2.6.18-1um-2etch.18etch6 + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + +Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390 and sparc. + + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |
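Review bot: the CVE-2008-2358 paragraph has a wording error that blurs the impact statement: "to cause an overflow they may result in remote arbitrary code execution" should read "that may result". Two further typos in the new file are worth fixing before the advisory is sent: "when this this build becomes available" in the mipsel paragraph, and "compatability" in the sentence introducing the rebuilt source packages. The text also opens with "Two vulnerabilities have been discovered" but the fix sentence says "this problem has been fixed in version 2.6.18.dfsg.1-18etch6"; suggest "these problems have been fixed" so readers do not assume only one of the two CVEs is addressed by the update.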