author | dann frazier <dannf@debian.org> | 2008-09-10 21:31:09 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2008-09-10 21:31:09 +0000 |
commit | 95e0bfc463383c72bdee090d613e87e8a41a6d51 (patch) | |
tree | cb4b060c2e6b39b42917960e91358ed91c25db9f /dsa-texts/2.6.24-6~etchnhalf.5 | |
parent | c14f859e951a4854d21fd5ea67839d53de7947d9 (diff) |
start work on first 2.6.24 DSA
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1220 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.24-6~etchnhalf.5')
-rw-r--r-- | dsa-texts/2.6.24-6~etchnhalf.5 | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/dsa-texts/2.6.24-6~etchnhalf.5 b/dsa-texts/2.6.24-6~etchnhalf.5 new file mode 100644 index 00000000..f850a8ed --- /dev/null +++ b/dsa-texts/2.6.24-6~etchnhalf.5 
@@ -0,0 +1,101 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +Sep 11, 2008 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6.24 +Vulnerability : denial of service/information leak +Problem type : several +Debian-specific: no +CVE Id(s) : CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526 + CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915 + +Several vulnerabilities have been discovered in the Linux kernel that may +lead to a denial of service or arbitrary code execution. The Common +Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2008-3272 + + Tobias Klein reported a locally exploitable data leak in the + snd_seq_oss_synth_make_info() function. This may allow local users + to gain access to sensitive information. + +CVE-2008-3275 + + Zoltan Sogor discovered a coding error in the VFS that allows local users + to exploit a kernel memory leak resulting in a denial of service. + +CVE-2008-3276 + + Eugene Teo reported an integer overflow in the DCCP subsystem that + may allow remote attackers to cause a denial of service in the form + of a kernel panic. + +CVE-2008-3526 + + Eugene Teo reported a missing bounds check in the SCTP subsystem. + By exploiting an integer overflow in the SCTP_AUTH_KEY handling code, + remote attackers may be able to cause a denial of service in the form + of a kernel panic. + +CVE-2008-3534 + + Kel Modderman reported an issue in the tmpfs filesystem that allows + local users to crash a system by triggering a kernel BUG() assertion. + +CVE-2008-3535 + + Alexey Dobriyan discovered an off-by-one-error in the iov_iter_advance + function which can be exploited by local users to crash a system, + resulting in a denial of service. 
+ +CVE-2008-3792 + + Vlad Yasevich reported several NULL pointer reference conditions in + the SCTP subsystem that can be triggered by entering sctp-auth codepaths + when the AUTH feature is inactive. This may allow attackers to cause + a denial of service condition via a system panic. + +CVE-2008-3915 + + Johann Dahm and David Richter reported and issue in the nfsd subsystem + that may allow remote attackers to cause a denial of service via a + buffer overflow. + +For the stable distribution (etch), this problem has been fixed in +version 2.6.22-6~etchnhalf.5. + +We recommend that you upgrade your linux-2.6.24 packages. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |
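Review bot: The fixed-version sentence near the end of the advisory ("this problem has been fixed in version 2.6.22-6~etchnhalf.5") does not match the rest of the text: the Package field is linux-2.6.24 and the file itself is named 2.6.24-6~etchnhalf.5, so the version should presumably read 2.6.24-6~etchnhalf.5. An administrator comparing installed package versions against that line would be checking for the wrong string. The opening summary also says the issues "may lead to a denial of service or arbitrary code execution", while the Vulnerability field says "denial of service/information leak" and the per-CVE entries describe only denial of service plus one information leak (CVE-2008-3272); the summary should be aligned with the header and the entries. Smaller wording points: "reported and issue" in the CVE-2008-3915 entry should be "reported an issue", "NULL pointer reference" in CVE-2008-3792 probably means "dereference", and "this problem has been fixed" should be plural since eight CVEs are listed.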