diff options
author | dann frazier <dannf@debian.org> | 2008-10-13 05:03:48 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2008-10-13 05:03:48 +0000 |
commit | c40de01018b641e436473b65faedd873a39bd42f (patch) | |
tree | 5fe8c76a986884ac0c22f1b7901134289e2de893 | |
parent | 1fa64043e2e74d6bec2ac48498a0fcd4871626de (diff) |
new draft
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1239 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | dsa-texts/2.6.18.dfsg.1-22etch3 | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/dsa-texts/2.6.18.dfsg.1-22etch3 b/dsa-texts/2.6.18.dfsg.1-22etch3 new file mode 100644 index 00000000..0a905249 --- /dev/null +++ b/dsa-texts/2.6.18.dfsg.1-22etch3 @@ -0,0 +1,107 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +Oct 13, 2008 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : denial of service/information leak +Problem type : several +Debian-specific: no +CVE Id(s) : CVE-2007-6716 CVE-2008-1514 CVE-2008-3276 CVE-2008-3525 + CVE-2008-3833 CVE-2008-4210 CVE-2008-4302 + +Several vulnerabilities have been discovered in the Linux kernel that may +lead to a denial of service or arbitrary code execution. The Common +Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2007-6716 + + Joe Jin reported a local denial of service vulnerability that allows + local users to trigger an oops due to an improperly initialized data + structure. + +CVE-2008-1514 + + Jan Kratochvil reported a denial of service vulnerability in the ptrace + interface for the s390 architecture. Local users can trigger an invalid + pointer dereference, leading to a system panic. + +CVE-2008-3276 + + Eugene Teo reported an integer overflow in the DCCP subsystem that + may allow remote attackers to cause a denial of service in the form + of a kernel panic. + +CVE-2008-3525 + + Eugene Teo reported a lack of capability checks in the kernel driver for + Granch SBNI12 leased line adapters (sbni), allowing local users to perform + privileged operations. + +CVE-2008-3833 + + The S_ISUID/S_ISGID bits were not being cleared during an inode splice, + which, under certain conditions, can be exploited by local users to obtain + the privileges of a group for which they are not a member. Mark Fasheh + reported this issue. + +CVE-2008-4210 + + David Watson reported an issue in the open()/creat() system calls which, + under certain conditions, can be exploited by local users to obtain the + privileges of a group for which they are not a member. + +CVE-2008-4302 + + A coding error in the splice subsystem allows local users to attempt to + unlock a page structure that has not been locked, resulting in a system + crash. + +For the stable distribution (etch), this problem has been fixed in +version 2.6.18.dfsg.1-22etch3. + +We recommend that you upgrade your linux-2.6, fai-kernels, and +user-mode-linux packages. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +The following matrix lists additional source packages that were rebuilt for +compatability with or to take advantage of this update: + + Debian 4.0 (etch) + fai-kernels 1.17+etch.22etch3 + user-mode-linux 2.6.18-1um-2etch.22etch3 + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + +Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. + + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |