rename old dsa text files to include the full version string, otherwise

we may get a version clash soon


git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1147 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 177 insertions, 0 deletions

diff --git a/dsa-texts/2.4.27-10sarge2 b/dsa-texts/2.4.27-10sarge2
new file mode 100644
index 00000000..260f350f
--- /dev/null
+++ b/dsa-texts/2.4.27-10sarge2
@@ -0,0 +1,177 @@
+Subject: New Linux kernel 2.4.27 packages fix several issues
+
+--------------------------------------------------------------------------
+Debian Security Advisory DSA XXX-1                     security@debian.org
+http://www.debian.org/security/                 Dann Frazier, Simon Horman
+XXXXX 8th, 2005                         http://www.debian.org/security/faq
+--------------------------------------------------------------------------
+
+Package        : kernel-source-2.4.27
+Vulnerability  : several
+Problem-Type   : local/remote
+Debian-specific: no
+CVE IDs        : CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618
+Debian Bug     : 
+
+Several local and remote vulnerabilities have been discovered in the Linux
+kernel that may lead to a denial of service or the execution of arbitrary
+code. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2004-0887
+
+    Martin Schwidefsky discovered that the privileged instruction SACF (Set
+    Address Space Control Fast) on the S/390 platform is not handled properly, 
+    allowing for a local user to gain root privileges.
+
+CVE-2004-1058
+
+    A race condition allows for a local user to read the environment variables
+    of another process that is still spawning through /proc/.../cmdline.
+
+CVE-2004-2607
+
+    A numeric casting discrepancy in sdla_xfer allows local users to read
+    portions of kernel memory via a large len argument which is received as an
+    int but cast to a short, preventing read loop from filling a buffer.
+
+CVE-2005-0449
+    
+    An error in the skb_checksum_help() function from the netfilter framework
+    has been discovered that allows the bypass of packet filter rules or
+    a denial of service attack.
+
+CVE-2005-1761
+
+    A vulnerability in the ptrace subsystem of the IA-64 architecture can 
+    allow local attackers to overwrite kernel memory and crash the kernel.
+
+CVE-2005-2457
+
+    Tim Yamin discovered that insufficient input validation in the compressed
+    ISO file system (zisofs) allows a denial of service attack through
+    maliciously crafted ISO images.
+
+CVE-2005-2555
+
+    Herbert Xu discovered that the setsockopt() function was not restricted to
+    users/processes with the CAP_NET_ADMIN capability. This allows attackers to
+    manipulate IPSEC policies or initiate a denial of service attack. 
+
+CVE-2005-2709
+
+    Al Viro discovered a race condition in the /proc handling of network devices.
+    A (local) attacker could exploit the stale reference after interface shutdown
+    to cause a denial of service or possibly execute code in kernel mode.
+
+CVE-2005-2973
+ 
+    Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code
+    can be forced into an endless loop, which allows a denial of service attack.
+
+CVE-2005-3257
+
+    Rudolf Polzer discovered that the kernel improperly restricts access to the
+    KDSKBSENT ioctl, which can possibly lead to privilege escalation.
+
+CVE-2005-3783
+
+    The ptrace code using CLONE_THREAD didn't use the thread group ID to
+    determine whether the caller is attaching to itself, which allows a denial
+    of service attack.
+
+CVE-2005-3806
+
+    Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,
+    which could lead to memory corruption and denial of service.
+
+CVE-2005-3848
+
+    Ollie Wild discovered a memory leak in the icmp_push_reply() function, which
+    allows denial of service through memory consumption.
+
+CVE-2005-3857
+
+    Chris Wright discovered that excessive allocation of broken file lock leases
+    in the VFS layer can exhaust memory and fill up the system logging, which allows
+    denial of service.
+
+CVE-2005-3858
+
+    Patrick McHardy discovered a memory leak in the ip6_input_finish() function from
+    the IPv6 code, which allows denial of service.
+
+CVE-2005-4618
+
+    Yi Ying discovered that sysctl does not properly enforce the size of a
+    buffer, which allows a denial of service attack.
+
+The following matrix explains which kernel version for which architecture
+fix the problems mentioned above:
+
+                                     Debian 3.1 (sarge)
+     Source                          2.4.27-10sarge2
+     Alpha architecture              2.4.27-10sarge2
+     ARM architecture                2.4.27-2sarge2
+     Intel IA-32 architecture        2.4.27-10sarge2
+     Intel IA-64 architecture        2.4.27-10sarge2
+     Motorola 680x0 architecture     2.4.27-3sarge2
+     Big endian MIPS architecture    2.4.27-10.sarge1.040815-2
+     Little endian MIPS architecture 2.4.27-10.sarge1.040815-2
+     PowerPC architecture            2.4.27-10sarge2
+     IBM S/390 architecture          2.4.27-2sarge2
+     Sun Sparc architecture          2.4.27-9sarge2
+
+The following matrix lists additional packages that were rebuilt for
+compatability with or to take advantage of this update:
+
+                                     Debian 3.1 (sarge)
+     kernel-latest-2.4-alpha         101sarge1
+     kernel-latest-2.4-i386          101sarge1
+     kernel-latest-2.4-s390          2.4.27-1sarge1
+     kernel-latest-2.4-sparc         42sarge1
+     kernel-latest-powerpc           102sarge1
+     fai-kernels                     1.9.1sarge1
+     i2c                             1:2.9.1-1sarge1
+     kernel-image-speakup-i386       2.4.27-1.1sasrge1
+     lm-sensors                      1:2.9.1-1sarge3
+     mindi-kernel                    2.4.27-2sarge1
+     pcmcia-modules-2.4.27-i386      3.2.5+2sarge1
+     systemimager                    3.2.3-6sarge1
+
+We recommend that you upgrade your kernel package immediately and reboot
+the machine. If you have built a custom kernel from the kernel source
+package, you will need to rebuild to take advantage of these fixes.
+
+Upgrade Instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+
+Debian GNU/Linux 3.1 alias sarge
+--------------------------------
+
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce@lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>