author | dann frazier <dannf@debian.org> | 2011-06-18 00:00:34 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2011-06-18 00:00:34 +0000 |
commit | 3592889eb8b580b230a09dcb5b1ad3cfee714023 (patch) | |
tree | 64fae1efa35a777173c85f1bc58b87015d4b2f81 | |
parent | 7f369f024063bb5555eb543c52a24f73f6e509e3 (diff) |
new dsa draft. most of the text is copied from the recent squeeze update; new issues are marked with an "*"
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2353 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | dsa-texts/2.6.26-26lenny3 | 275 |
1 files changed, 275 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-26lenny3 b/dsa-texts/2.6.26-26lenny3 new file mode 100644 index 00000000..6833744c --- /dev/null +++ b/dsa-texts/2.6.26-26lenny3 
@@ -0,0 +1,275 @@ +------------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +June XX, 2011 http://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4243 + CVE-2010-4655 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 + CVE-2011-0726 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 + CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 + CVE-2011-1093 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 + CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 + CVE-2011-1182 CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 + CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 + CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 + CVE-2011-1776 CVE-2011-2022 CVE-2011-2182 +Debian Bug : 618485 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a privilege escalation, denial of service or information leak. The Common +Vulnerabilities and Exposures project identifies the following problems: + +*CVE-2010-2524 + + David Howells reported an issue in the Common Internet File System (CIFS). + Local users could cause arbitrary CIFS shares to be mounted by introducing + malicious redirects. + +CVE-2010-3875 + + Vasiliy Kulikov discovered an issue in the Linux implementation of the + Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to + sensitive kernel memory. + +*CVE-2010-4075 + + Dan Rosenberg reported an issue in the tty layer that may allow local + users to obtain access to sensitive kernel memory. 
+ +*CVE-2010-4655 + + Kees Cook discovered several issues in the ethtool interface which may + allow local users with the CAP_NET_ADMIN capability to obtain access to + sensitive kernel memory. + +CVE-2011-0695 + + Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can + exploit a race condition to cause a denial of service (kernel panic). + +*CVE-2011-0710 + + Al Viro reported an issue in the /proc/<pid>/status interface on the + s390 architecture. Local users could gain access to sensitive memory + in processes they do not own via the task_show_regs entry. + +CVE-2011-0711 + + Dan Rosenberg reported an issue in the XFS filesystem. Local users may + obtain access to sensitive kernel memory. + +CVE-2011-0726 + + Kees Cook reported an issue in the /proc/pid/stat implementation. Local + users could learn the text location of a process, defeating protections + provided by address space layout randomization (ASLR). + +*CVE-2011-1010 + + Timo Warns reported an issue in the Linux support for Mac partition tables. + Local users with physical access could cause a denial of service (panic) + by adding a storage device with a malicious map_count value. + +*CVE-2011-1012 + + Timo Warns reported an issue in the Linux support for Mac partition tables. + Local users with physical access could cause a denial of service (panic) + by adding a storage device with a malicious map_count value. + +*CVE-2011-1017 + + Timo Warns reported an issue in the Linux support for LDM partition tables. + Users with physical access can gain access to sensitive kernel memory or + gain elevated privileges by adding a storage device with a specially + crafted LDM partition. + + CVE-2011-1078 + + Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users + can obtain access to sensitive kernel memory. + +CVE-2011-1079 + + Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. 
Local users + with the CAP_NET_ADMIN capability can cause a denial of service (kernel + Oops). + +CVE-2011-1080 + + Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users + can obtain access to sensitive kernel memory. + +CVE-2011-1090 + + Neil Horman discovered a memory leak in the setacl() call on NFSv4 + filesystems. Local users can exploit this to cause a denial of service + (Oops). + +*CVE-2011-1093 + + Johan Hovold reported an issue in the Datagram Congestion Control Protocol + (DCCP) implementation. Remote users could cause a denial of service by + sending data after closing a socket. + +CVE-2011-1160 + + Peter Huewe reported an issue in the Linux kernel's support for TPM security + chips. Local users with permission to open the device can gain access to + sensitive kernel memory. + +CVE-2011-1163 + + Timo Warns reported an issue in the kernel support for Alpha OSF format disk + partitions. Users with physical access can gain access to sensitive kernel + memory by adding a storage device with a specially crafted OSF partition. + +CVE-2011-1170 + + Vasiliy Kulikov reported an issue in the Netfilter arp table + implementation. Local users with the CAP_NET_ADMIN capability can gain + access to sensitive kernel memory. + +CVE-2011-1171 + + Vasiliy Kulikov reported an issue in the Netfilter IP table + implementation. Local users with the CAP_NET_ADMIN capability can gain + access to sensitive kernel memory. + +CVE-2011-1172 + + Vasiliy Kulikov reported an issue in the Netfilter IP6 table + implementation. Local users with the CAP_NET_ADMIN capability can gain + access to sensitive kernel memory. + +CVE-2011-1173 + + Vasiliy Kulikov reported an issue in the Acorn Econet protocol + implementation. Local users can obtain access to sensitive kernel memory on + systems that use this rare hardware. + +CVE-2011-1180 + + Dan Rosenberg reported a buffer overflow in the Information Access Service + of the IrDA protocol, used for Infrared devices. 
Remote attackers within IR + device range can cause a denial of service or possibly gain elevated + privileges. + +CVE-2011-1182 + + Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local + users can generate signals with falsified source pid and uid information. + +CVE-2011-1477 + + Dan Rosenberg reported issues in the Open Sound System driver for cards that + include a Yamaha FM synthesizer chip. Local users can cause memory + corruption resulting in a denial of service. This issue does not affect + official Debian Linux image packages as they no longer provide support for + OSS. However, custom kernels built from Debians linux-source-2.6.32 may + have enabled this configuration and would therefore be vulnerable. + +CVE-2011-1493 + + Dan Rosenburg reported two issues in the Linux implementation of the Amateur + Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service + by providing specially crafted facilities fields. + +*CVE-2011-1577 + + Timo Warns reported an issue in the Linux support for GPT partition tables. + Local users with physical access could cause a denial of service (Oops) + by adding a storage device with a malicious partition table header. + +CVE-2011-1593 + + Robert Swiecki reported a signednes issue in the next_pidmap() function, + which can be exploited my local users to cause a denial of service. + +CVE-2011-1598 + + Dave Jones reported an issue in the Broadcast Manager Controller Area + Network (CAN/BCM) protocol that may allow local users to cause a NULL + pointer dereference, resulting in a denial of service. + +CVE-2011-1745 + + Vasiliy Kulikov reported an issue in the Linux support for AGP devices. + Local users can obtain elevated privileges or cause a denial of service due + to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian + installations, this is exploitable only by users in the video group. 
+ +CVE-2011-1746 + + Vasiliy Kulikov reported an issue in the Linux support for AGP devices. + Local users can obtain elevated privileges or cause a denial of service due + to missing bounds checking in the agp_allocate_memory and + agp_create_user_memory. On default Debian installations, this is exploitable + only by users in the video group. + +CVE-2011-1748 + + Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw + socket implementation which permits ocal users to cause a NULL pointer + dereference, resulting in a denial of service. + +CVE-2011-1759 + + Dan Rosenberg reported an issue in the support for executing "old ABI" + binaries on ARM processors. Local users can obtain elevated privileges due + to insufficient bounds checking in the semtimedop system call. + +CVE-2011-1767 + + Alexecy Dobriyan reported an issue in the GRE over IP implementation. + Remote users can cause a denial of service by sending a packet during module + initialization. + +*CVE-2011-1768 + + Alexecy Dobriyan reported an issue in the IP tunnels implementation. + Remote users can cause a denial of service by sending a packet during + module initialization. + +CVE-2011-1776 + + Timo Warns reported an issue in the Linux implementation for GUID + partitions. Users with physical access can gain access to sensitive kernel + memory by adding a storage device with a specially crafted corrupted invalid + partition table. + +CVE-2011-2022 + + Vasiliy Kulikov reported an issue in the Linux support for AGP devices. + Local users can obtain elevated privileges or cause a denial of service due + to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian + installations, this is exploitable only by users in the video group. + +*CVE-2011-2182 + + Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above) + that made it insufficient to resolve the issue. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-26lenny2. 
+ +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+26lenny3 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. + +Note that these updates will not become active until after your system is +rebooted. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |
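Review bot: CVE-2010-4243 appears in the "CVE Id(s)" header but has no description entry in the body, where the entries run from *CVE-2010-4075 straight to *CVE-2010-4655; either add its paragraph or drop the ID from the header. The fixed version in "this problem has been fixed in version 2.6.26-26lenny2" does not match the file name (2.6.26-26lenny3) or the user-mode-linux row (2.6.26-1um-2+26lenny3), so the version should be checked before publication. The CVE-2011-1477 paragraph still says "Debians linux-source-2.6.32", which looks like a leftover from the copied squeeze text in an advisory for linux-2.6 2.6.26. The *CVE-2011-1012 paragraph is word for word the same as *CVE-2011-1010 (Mac partition tables, map_count), which suggests a copy-paste that was never updated for the second issue. Smaller points: "this problem has been fixed" should be plural given the list above it, the CVE-2011-1078 heading has a stray leading space, CVE-2011-1776 reads "specially crafted corrupted invalid partition table", and there are spelling slips to fix ("Dan Rosenburg" against "Dan Rosenberg" elsewhere, "signednes", "exploited my local users", "ocal users"; the spellings "Alexecy Dobriyan" and "Oliver Kartkopp" are also worth checking against the original reports).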