author: dann frazier <dannf@debian.org>, 2009-10-21 06:56:06 +0000
committer: dann frazier <dannf@debian.org>, 2009-10-21 06:56:06 +0000
commit: e046f9f61bbc2573e40ff35d735aa6551a64b47a
tree: 5c48c83afc3a52eab1558d471eaec283cd1e074f /dsa-texts/2.6.26-19lenny1
parent: 07e0715c4fcd0ec011d8e9e095904b81a15757af
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1535 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.26-19lenny1')
-rw-r--r-- dsa-texts/2.6.26-19lenny1 | 147
1 files changed, 147 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-19lenny1 b/dsa-texts/2.6.26-19lenny1 new file mode 100644 index 00000000..cf8b5eff --- /dev/null +++ b/dsa-texts/2.6.26-19lenny1 
@@ -0,0 +1,147 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +October 21, 2009 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/sensitive memory leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 + CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286 + CVE-2009-3290 CVE-2009-3613 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service, sensitive memory leak or privilege escalation. +The Common Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2009-2695 + + Eric Paris provided several fixes to increase the protection + provided by the mmap_min_addr tunable against NULL pointer + dereference vulnerabilities. + + Unless your system needs to run applications that require mapping low + addresses (such as wine or dosemu), it is recommended to increase + the value of mmap_min_addr to protect against NULL pointer exploits. + This can be configured using the procps package: + # echo "vm.mmap_min_addr = 32768" > /etc/sysctl.d/mmap_min_addr.conf + # /etc/init.d/procps restart + +CVE-2009-2903 + + Mark Smith discovered a memory leak in the appletalk implementation. + When the appletalk and ipddp modules are loaded, but no ipddp"N" device is + found, remote attackers can cause a denial of service by consuming + large amounts of system memory. + +CVE-2009-2908 + + Loïc Minier discovered an issue in the eCryptfs filesystem. A local + user can cause a denial of service (kernel oops) by causing a dentry + value to go negative. + +CVE-2009-2909 + + Arjan van de Ven discovered an issue in the AX.25 protocol + implementation. 
A specially crafted call to setsockopt() can + result in a denial of service (kernel oops). + +CVE-2009-2910 + + Jan Beulich discovered the existence of a sensitive kernel memory + leak. Systems running the 'amd64' kernel do not properly sanitize + registers for 32-bit processes. + +CVE-2009-3001 + + Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC + implementation. This is not exploitable in the Debian lenny kernel as root + privileges are required to exploit this issue. + +CVE-2009-3002 + + Eric Dumazet fixed several sensitive memory leaks in the IrDA, + X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area + Network (CAN) implementations. Local users can exploit these issues + to gain access to kernel memory. + +CVE-2009-3286 + + Eric Paris discovered an issue with the NFSv4 server implementation. + When an O_EXCL create fails, files may be left with corrupted + permissions, possibly granting unintenional privileges to other + local users. + +CVE-2009-3290 + + Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM + does not prevent access to MMU hypercalls from ring 0, which allows + local guest OS users to cause a denial of service (guest kernel crash) + and read or write guest kernel memory. + +CVE-2009-3613 + + Alistair Strachan reported an issue in the r8169 driver. Remote users + can cause a denial of service (IOMMU space exhaustion and system crash) + by transmitting a large amount of jumbo frames. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-19lenny1. + +For the oldstable distribution (etch), these problems, where +applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. + +We recommend that you upgrade your linux-2.6 and user-mode-linux +packages. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. 
+However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+19lenny1 + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + +Stable updates are currently available for alpha, arm, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, sparc, and s390. + +XXXX + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |
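Review bot: two wording fixes are needed in the advisory body before it ships: "possibly granting unintenional privileges" in the CVE-2009-3286 paragraph should read "unintentional", and "For the stable distribution (lenny), this problem has been fixed in version 2.6.26-19lenny1" covers ten CVE ids, so it should say "these problems have been fixed". The advisory number is still a placeholder in two places ("DSA-XXXX-1" in the header and the bare "XXXX" line above the closing footer), which is fine for a draft but both must be filled in with the same assigned number at release time.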