diff options
author | dann frazier <dannf@debian.org> | 2009-11-05 06:46:52 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2009-11-05 06:46:52 +0000 |
commit | 7cdeae48e2037cfec161bf94e18b13a20aef07d5 (patch) | |
tree | 24e4af9e95d2078fc2846e16a42975c41890d0b2 /dsa-texts/2.6.26-19lenny2 | |
parent | b0c752b803799a2219c608c31fc6cfcf733b0fe2 (diff) |
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1573 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.26-19lenny2')
-rw-r--r-- | dsa-texts/2.6.26-19lenny2 | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-19lenny2 b/dsa-texts/2.6.26-19lenny2 new file mode 100644 index 00000000..a5f352ec --- /dev/null +++ b/dsa-texts/2.6.26-19lenny2 @@ -0,0 +1,126 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +November 5, 2009 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/sensitive memory leak +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612 + CVE-2009-3620 CVE-2009-3621 CVE-2009-3638 + +Notice: Debian 5.0.4, the next point release of Debian 'lenny', +will include a new default value for the mmap_min_addr tunable. +This change will add an additional safeguard against a class of security +vulnerabilities known as "NULL pointer dereference" vulnerabilities, but +it will need to be overridden when using certain applications. +Additional information about this change, including instructions for +making this change locally in advance of 5.0.4 (recommended), can be +found at: + http://wiki.debian.org/mmap_min_addr + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service, sensitive memory leak or privilege escalation. +The Common Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2009-3228 + + Eric Dumazet reported an instance of uninitialized kernel memory + in the network packet scheduler. Local users may be able to exploit + this issue to read the contents of sensitive kernel memory. + +CVE-2009-3238 + + Linus Torvalds provided a change to the get_random_int() function + to increase its randomness. + +CVE-2009-3547 + + Earl Chew discovered a NULL pointer dereference issue in the + pipe_rdwr_open function which can be used by local users to gain + elevated privileges. + +CVE-2009-3612 + + Jiri Pirko discovered a typo in the initialization of a structure in + the netlink subsystem that may allow local users to gain access to + sensitive kernel memory. + +CVE-2009-3620 + + Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 + graphics adapters. Local users may be able to exploit this + vulnerability to cause a denial of service (NULL pointer dereference). + +CVE-2009-3621 + + Tomoki Sekiyama discovered a deadlock condition in the UNIX domain + socket implementation. Local users can exploit this vulnerability + to cause a denial of service (system hang). + +CVE-2009-3638 + + David Wagner reported an overflow in the KVM subsystem on i386 + systems. This issue is exploitable by local users with access + to the /dev/kvm device file. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-19lenny2. + +For the oldstable distribution (etch), these problems, where +applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. + +We recommend that you upgrade your linux-2.6 and user-mode-linux +packages. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+19lenny2 + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + +Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. + + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |