first draft

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1138 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 206 insertions, 0 deletions

diff --git a/dsa-texts/2.4.27-10sarge6 b/dsa-texts/2.4.27-10sarge6
new file mode 100644
index 00000000..544b0410
--- /dev/null
+++ b/dsa-texts/2.4.27-10sarge6
@@ -0,0 +1,206 @@
+Subject: New Linux kernel 2.4.27 packages fix several issues
+
+--------------------------------------------------------------------------
+Debian Security Advisory DSA XXX-1                     security@debian.org
+http://www.debian.org/security/                               Dann Frazier
+XXXXX 8th, 2005                         http://www.debian.org/security/faq
+--------------------------------------------------------------------------
+
+Package        : kernel-source-2.4.27
+Vulnerability  : several
+Problem-Type   : local/remote
+Debian-specific: no
+CVE ID         : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
+                 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
+                 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
+                 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063
+                 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007
+                 
+Several local and remote vulnerabilities have been discovered in the Linux
+kernel that may lead to a denial of service or the execution of arbitrary
+code. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2004-2731
+
+    infamous41md reported multiple integer overflows in the Sbus PROM
+    driver that would allow for a DoS (Denial of Service) attack by a
+    local user, and possibly the execution of arbitrary code.
+
+CVE-2006-4814
+
+    Doug Chapman discovered a potential local DoS (deadlock) in the mincore
+    function caused by improper lock handling.
+
+CVE-2006-5753
+
+    Eric Sandeen provided a fix for a local memory corruption vulnerability
+    resulting from a misinterpretation of return values when operating on
+    inodes which have been marked bad.
+
+CVE-2006-5823
+
+    LMH reported a potential local DoS which could be exploited by a malicious
+    user with the privileges to mount and read a corrupted cramfs filesystem.
+
+CVE-2006-6053
+
+    LMH reported a potential local DoS which could be exploited by a malicious
+    user with the privileges to mount and read a corrupted ext3 filesystem.
+
+CVE-2006-6054
+
+    LMH reported a potential local DoS which could be exploited by a malicious
+    user with the privileges to mount and read a corrupted ext2 filesystem.
+
+CVE-2006-6106
+
+    Marcel Holtman discovered multiple buffer overflows in the Bluetooth
+    subsystem which can be used to trigger a remote DoS (crash) and potentially
+    execute arbitray code.
+
+CVE-2007-1353
+
+    Ilja van Sprundel discovered that kernel memory could be leaked via the
+    Bluetooth setsockopt call due to an uninitialized stack buffer. This
+    could be used by local attackers to read the contents of sensitive kernel
+    memory.
+
+CVE-2007-1592
+
+    Masayuki Nakagawa discovered that flow labels were inadvertently
+    being shared between listening sockets and child sockets. This defect
+    can be exploited by local users to cause a DoS (Oops).
+
+CVE-2007-2172
+
+    Thomas Graf reported a typo in the DECnet protocol handler that could
+    be used by a local attacker to overrun an array via crafted packets,
+    potentially resulting in a Denial of Service (system crash).
+    A similar issue exists in the IPV4 protocol handler and will be fixed
+    in a subsequent update.
+
+CVE-2007-2525
+
+    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
+    by releasing a socket before PPPIOCGCHAN is called upon it. This could
+    be used by a local user to DoS a system by consuming all available memory.
+
+CVE-2007-3848
+
+    Wojciech Purczynski discovered that pdeath_signal was not being reset
+    properly under certain conditions which may allow local users to gain
+    privileges by sending arbitrary signals to suid binaries.
+
+CVE-2007-4308
+
+    Alan Cox reported an issue in the aacraid driver that allows unprivileged
+    local users to make ioctl calls which should be restricted to admin
+    privileges.
+
+CVE-2007-4311
+
+    PaX team discovered an issue in the random driver where a defect in the
+    reseeding code leads to a reduction in entropy.
+
+CVE-2007-5093
+
+    Alex Smith discovered an issue with the pwc driver for certain webcam
+    devices. If the device is removed while a userspace application has it
+    open, the driver will wait for userspace to close the device, resulting
+    in a blocked USB subsystem. This issue is of low security impact as
+    it requires the attacker to either have physical access to the system
+    or to convince a user with local access to remove the device on their
+    behalf.
+    
+CVE-2007-6063
+
+    Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl
+    handling, exploitable by a local user.
+
+CVE-2007-6151
+
+    ADLAB discovered a possible memory overrun in the ISDN subsystem that
+    may permit a local user to overwrite kernel memory leading by issuing
+    ioctls with unterminated data.
+
+CVE-2007-6206
+
+    Blake Frantz discovered that when a core file owned by a non-root user
+    exists, and a root-owned process dumps core over it, the core file
+    retains its original ownership. This could be used by a local user to
+    gain access to sensitive information.
+
+CVE-2007-6694
+
+    Cyrill Gorcunov reported a NULL pointer dereference in code specific
+    to the CHRP PowerPC platforms. Local users could exploit this issue
+    to achieve a Denial of Service (DoS).
+
+CVE-2008-0007
+
+    Nick Piggin of SuSE discovered a number of issues in subsystems which
+    register a fault handler for memory mapped areas. This issue can be
+    exploited by local users to achieve a Denial of Service (DoS) and possibly
+    execute arbitrary code.
+
+The following matrix explains which kernel version for which architecture
+fix the problems mentioned above:
+
+                                 Debian 3.1 (sarge)
+     Source                      2.4.27-10sarge6
+     Alpha architecture          2.4.27-10sarge6
+     ARM architecture            2.4.27-2sarge6
+     Intel IA-32 architecture    2.4.27-10sarge6
+     Intel IA-64 architecture    2.4.27-10sarge6
+     Motorola 680x0 architecture 2.4.27-3sarge6
+     Big endian MIPS             2.4.27-10.sarge4.040815-3
+     Little endian MIPS          2.4.27-10.sarge4.040815-3
+     PowerPC architecture        2.4.27-10sarge6
+     IBM S/390 architecture      2.4.27-2sarge6
+     Sun Sparc architecture      2.4.27-9sarge6
+
+The following matrix lists additional packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                 Debian 3.1 (sarge)
+     fai-kernels                 XXX
+     kernel-image-2.4.27-speakup XXX
+     mindi-kernel                XXX
+     systemimager                XXX
+
+We recommend that you upgrade your kernel package immediately and reboot
+the machine. If you have built a custom kernel from the kernel source
+package, you will need to rebuild to take advantage of these fixes.
+
+Upgrade Instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+
+Debian GNU/Linux 3.1 alias sarge
+--------------------------------
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce@lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>