diff options
author | dann frazier <dannf@debian.org> | 2009-08-16 15:53:59 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2009-08-16 15:53:59 +0000 |
commit | 3f9c4c4e4e84bb6bd906c68c5104e9098a00d404 (patch) | |
tree | d1869d5fb2278f3e830f30942aac02d7912d071a /dsa-texts/2.6.24-6~etchnhalf.8etch3 | |
parent | 6dff562cdcf642c149f96089ce1606eed7bf9087 (diff) |
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1460 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.24-6~etchnhalf.8etch3')
-rw-r--r-- | dsa-texts/2.6.24-6~etchnhalf.8etch3 | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/dsa-texts/2.6.24-6~etchnhalf.8etch3 b/dsa-texts/2.6.24-6~etchnhalf.8etch3 new file mode 100644 index 00000000..68ea5b5b --- /dev/null +++ b/dsa-texts/2.6.24-6~etchnhalf.8etch3 @@ -0,0 +1,69 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +Aug 16, 2009 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6.24 +Vulnerability : privilege escalation +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2009-2692 + +A vulnerability has been discovered in the Linux kernel that may lead +to privilege escalation. The Common Vulnerabilities and Exposures project +identifies the following problem: + +CVE-2009-2692 + + Tavis Ormandy and Julien Tinnes discovered an issue with how the + sendpage function is initialized in the proto_ops structure. + Local users can exploit this vulnerability to gain elevated + privileges. + +For the stable distribution (etch), these problems have been fixed in +version 2.6.24-6~etchnhalf.8etch3. + +We recommend that you upgrade your linux-2.6.24 packages. + +Note: Debian 'etch' includes linux kernel packages based upon both the +2.6.18 and 2.6.24 linux releases. All known security issues are +carefully tracked against both packages and both packages will receive +security updates until security support for Debian 'etch' +concludes. However, given the high frequency at which low-severity +security issues are discovered in the kernel and the resource +requirements of doing an update, lower severity 2.6.18 and 2.6.24 +updates will typically release in a staggered or "leap-frog" fashion. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + +Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. + + These changes will probably be included in the oldstable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |