diff options
author | dann frazier <dannf@debian.org> | 2008-12-02 21:49:06 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2008-12-02 21:49:06 +0000 |
commit | 42b58400ab63a59d5249229e93df8a28b470df36 (patch) | |
tree | 3d73d7a0cceb0c216941e65534959d05c338e940 /dsa-texts/2.6.24-6~etchnhalf.7 | |
parent | b65e956afde14ef5bcc2618dc2cd6eba12c2d805 (diff) |
new dsa draft
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1270 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.24-6~etchnhalf.7')
-rw-r--r-- | dsa-texts/2.6.24-6~etchnhalf.7 | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/dsa-texts/2.6.24-6~etchnhalf.7 b/dsa-texts/2.6.24-6~etchnhalf.7 new file mode 100644 index 00000000..2ef4c751 --- /dev/null +++ b/dsa-texts/2.6.24-6~etchnhalf.7 @@ -0,0 +1,122 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-16XX-1 security@debian.org +http://www.debian.org/security/ dann frazier, Alexander Prinsier +Dec XX, 2008 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6.24 +Vulnerability : denial of service/privilege escalation +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618 + CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029 + CVE-2008-5134 CVE-2008-5182 CVE-2008-5300 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2008-3528 + + Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems. + Local users who have been granted the privileges necessary to mount + a filesystem would be able to craft a corrupted filesystem that + causes the kernel to output error messages in an infinit loop. + +CVE-2008-4554 + + Milos Szeredi reported that the usage of splice() on files opened + with O_APPEND allows users to write to the file at arbitrary offsets, + allowing a bypass of possible assumed semantics of the O_APPEND flag. + +CVE-2008-4576 + + Vlad Yasevich reported an issue in the SCTP subsystem that may allow + remote users to cause a local DoS by triggering a kernel oops. + +CVE-2008-4618 + + Wei Yongjun reported an issue in the SCTP subsystem that may allow + remote users to cause a local DoS by triggering a kernel panic. + +CVE-2008-4933 + + Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. + Local users who have been granted the privileges necessary to mount + a filesystem would be able to craft a corrupted filesystem that + causes the kernel to overrun a buffer, resulting in a system oops or + memory corruption. + +CVE-2008-4934 + + Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. + Local users who have been granted the privileges necessary to mount + a filesystem would be able to craft a corrupted filesystem that + results in a kernel oops. + +CVE-2008-5025 + + Eric Sesterhenn reported a local DoS issue in the hfs filesystem. + Local users who have been granted the privileges necessary to mount + a filesystem would be able to craft a filesystem with a corrupted + catalog name length, resulting in a system oops or memory corruption. + +CVE-2008-5029 + + Andrea Bittau reported a DoS issue in the unix socket subsystem that + allows a local user to cause memory corruption, resulting in a kernel + panic. + +CVE-2008-5134 + + Johannes Berg reported a remote DoS issue in the libertas wireless driver, + which can be caused by a specially crafted beacon/probe response. + +CVE-2008-5182 + + Al Viro reported race conditions in the inotify subsystem that may + allow local users to acquire elevated privileges. + +CVE-2008-5300 + + dann frazier reported a DoS condition that allows local users to cause + the out of memory handler to kill off privileged processes or trigger + soft lockups due to a starvation issue in the unix socket subsystem. + +For the stable distribution (etch), these problems have been fixed in +version 2.6.24-6~etchnhalf.7. + +We recommend that you upgrade your linux-2.6.24 packages. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + + XXXX + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |