new draft

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1239 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 107 insertions, 0 deletions

diff --git a/dsa-texts/2.6.18.dfsg.1-22etch3 b/dsa-texts/2.6.18.dfsg.1-22etch3
new file mode 100644
index 00000000..0a905249
--- /dev/null
+++ b/dsa-texts/2.6.18.dfsg.1-22etch3
@@ -0,0 +1,107 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security@debian.org
+http://www.debian.org/security/                           dann frazier
+Oct 13, 2008                        http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : denial of service/information leak
+Problem type   : several
+Debian-specific: no
+CVE Id(s)      : CVE-2007-6716 CVE-2008-1514 CVE-2008-3276 CVE-2008-3525
+                 CVE-2008-3833 CVE-2008-4210 CVE-2008-4302
+
+Several vulnerabilities have been discovered in the Linux kernel that may
+lead to a denial of service or arbitrary code execution. The Common
+Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2007-6716
+
+    Joe Jin reported a local denial of service vulnerability that allows
+    local users to trigger an oops due to an improperly initialized data
+    structure.
+
+CVE-2008-1514
+
+    Jan Kratochvil reported a denial of service vulnerability in the ptrace
+    interface for the s390 architecture. Local users can trigger an invalid
+    pointer dereference, leading to a system panic.
+
+CVE-2008-3276
+
+    Eugene Teo reported an integer overflow in the DCCP subsystem that
+    may allow remote attackers to cause a denial of service in the form
+    of a kernel panic.
+
+CVE-2008-3525
+
+    Eugene Teo reported a lack of capability checks in the kernel driver for
+    Granch SBNI12 leased line adapters (sbni), allowing local users to perform
+    privileged operations.
+
+CVE-2008-3833
+
+    The S_ISUID/S_ISGID bits were not being cleared during an inode splice,
+    which, under certain conditions, can be exploited by local users to obtain
+    the privileges of a group for which they are not a member. Mark Fasheh
+    reported this issue.
+
+CVE-2008-4210
+
+    David Watson reported an issue in the open()/creat() system calls which,
+    under certain conditions, can be exploited by local users to obtain the
+    privileges of a group for which they are not a member.
+
+CVE-2008-4302
+
+    A coding error in the splice subsystem allows local users to attempt to
+    unlock a page structure that has not been locked, resulting in a system
+    crash.
+
+For the stable distribution (etch), this problem has been fixed in
+version 2.6.18.dfsg.1-22etch3.
+
+We recommend that you upgrade your linux-2.6, fai-kernels, and
+user-mode-linux packages.
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+The following matrix lists additional source packages that were rebuilt for
+compatability with or to take advantage of this update:
+
+                                             Debian 4.0 (etch)
+     fai-kernels                             1.17+etch.22etch3
+     user-mode-linux                         2.6.18-1um-2etch.22etch3
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
+
+
+  These changes will probably be included in the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce@lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>