author | dann frazier <dannf@debian.org> | 2010-11-26 18:57:07 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2010-11-26 18:57:07 +0000 |
commit | 515dea0a1b54c450ae4195bc15a94102b2ffe42e (patch) | |
tree | 37ab8919d91885c6e2d284aca5448f46ace84ced /dsa-texts/2.6.26-26lenny1 | |
parent | 40c302ad30508f6d9f7b307cdb53f5c8181d5342 (diff) |
new draft
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2051 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.26-26lenny1')
-rw-r--r-- | dsa-texts/2.6.26-26lenny1 | 258 |
1 files changed, 258 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-26lenny1 b/dsa-texts/2.6.26-26lenny1 new file mode 100644 index 00000000..362c6feb --- /dev/null +++ b/dsa-texts/2.6.26-26lenny1 
@@ -0,0 +1,258 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +November XX, 2010 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297 + CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442 + CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848 + CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859 + CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 + CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073 + CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080 + CVE-2010-4081 CVE-2010-4083 CVE-2010-4164 +Debian Bug(s) : + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information leak. +The Common Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2010-2963 + + Kees Cook discovered an issue in v4l 32-bit compatibility layer for + 64-bit systems that allows local users with /dev/video write permission + to overwrite arbitrary kernel memory, potentially leading to a privelege + escalation. On Debian systems, access to /dev/video devices is restricted + to members of the 'video' group by default. + +CVE-2010-3067 + + Tavis Ormandy discovered an issue in the io_submit system call. Local + users can cause an intenger overflow resulting in a denial of service. + +CVE-2010-3296 + + Dan Rosenberg discovered an issue in the cxgb network driver that allows + unprivileged users to obtain the contents of sensitive kernel memory. 
+ +CVE-2010-3297 + + Dan Rosenberg discovered an issue in the eql network driver that allows + local users to obtain the contents of sensitive kernel memory. + +CVE-2010-3310 + + Dan Rosenberg discovered an issue in the ROSE socket implementation. On + systems with a rose device, local users can cause a denial of service + (kernel memory corruption). + +CVE-2010-3432 + + Thomas Dreibholz discovered an issue in the SCTP protocol that permits + a remote user to cause a denial of service (kernel panic). + +CVE-2010-3437 + + Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with + permission to open /dev/pktcdvd/control can obtain the contents of + sensitive kernel memory or cause a denial of service. By default on + Debian systems, this access is restricted to members of the group 'cdrom'. + +CVE-2010-3442 + + Dan Rosenberg discovered an issue in the ALSA sound system. Local users + with permission to open /dev/snd/controlC0 can create an integer overflow + condition that causes a denial of service. By default on Debian systems, + this access is restricted to members of the group 'audio'. + +CVE-2010-3448 + + Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain + Thinkpad systems, local users can cause a denial of service (X.org crash) + by reading /proc/acpi/ibm/video. + +CVE-2010-3477 + + Jeff Mahoney discovered an issue in the Traffic Policing (act_police) + module that allows local users to obtain the contents of sensitive kernel + memory. + +CVE-2010-3705 + + Dan Rosenberg reported an issue in the HMAC processing code in the SCTP + protocol that allows remote users to create a denial of service (memory + corruption). + +CVE-2010-3848 + + Nelson Elhage discovered an issue in the Econet protocol. Local users can + cause a stack overflow condition with large msg->msgiovlen values that + can result in a denial of service or privilege escalation. + +CVE-2010-3849 + + Nelson Elhage discovered an issue in the Econet protocol. 
Local users can + cause a denial of service (oops) if a NULL remote addr value is passed + as a parameter to sendmsg(). + +CVE-2010-3850 + + Nelson Elhage of Ksplice discovered an issue in the Econet protocol. Local + users can assign econet addresses to arbitrary interfaces due to a missing + capabilities check. + +CVE-2010-3858 + + Brad Spengler reported an issue in the setup_arg_pages() function. Due to + a bounds-checking failure, local users can create a denial of service + (kernel oops). + +CVE-2010-3859 + + Dan Rosenberg reported an issue in the TIPC protocol. When the tipc + module is loaded, local users can gain elevated privileges via the + sendmsg() system call. + +CVE-2010-3873 + + Dan Rosenberg reported an issue in the X.25 network protocol. Local users + can cause heap corruption, resulting in a denial of service (kernel panic). + +CVE-2010-3874 + + Dan Rosenberg discovered an issue in the Control Area Network (CAN) + subsystem on 64-bit systems. Local users maybe able to cause a denial + of service (heap corruption). + +CVE-2010-3875 + + Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users + can obtain the contents of sensitive kernel memory. + +CVE-2010-3876 + + Vasiliy Kulikov discovered an issue in the Packet protocol. Local users + can obtain the contents of sensitive kernel memory. + +CVE-2010-3877 + + Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users + can obtain the contents of sensitive kernel memory. + +CVE-2010-3880 + + Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users + can cause the kernel to execute unaudited INET_DIAG bytecode, resulting + in a denial of service. + +CVE-2010-4072 + + Kees Cook discovered an issue in the System V shared memory subsystem. + Local users can obtain the contents of sensitive kernel memory. + +CVE-2010-4073 + + Dan Rosenberg discovered an issue in the System V shared memory subsystem. 
+ Local users on 64-bit system can obtain the contents of sensitive kernel + memory via the 32-bit compatible semctl() system call. + +CVE-2010-4074 + + Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB + serial converter devices. Local users with access to these devices can + obtain the contents of sensitive kernel memory. + +CVE-2010-4078 + + Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics + chipesets (sisfb). Local users with access to the framebuffer device can + obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl. + +CVE-2010-4079 + + Dan Rosenberg reported an issue in the ivtvfb driver used for the + Hauppauge PVR-350 card. Local users with access to the framebuffer + device can obtain the contents of sensitive kernel memory via the + FBIOGET_VBLANK ioctl. + +CVE-2010-4080 + + Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall + DSP audio devices. Local users with access to the audio device can + obtain the contents of sensitive kernel memory via the + SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl. + +CVE-2010-4081 + + Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall + DSP MADI audio devices. Local users with access to the audio device can + obtain the contents of sensitive kernel memory via the + SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl. + +CVE-2010-4083 + + Dan Rosenberg discovered an issue in the semctl system call. Local users + can obtain the contents of sensitive kernel memory through usage of the + semid_ds structure. + +CVE-2010-4164 + + Dan Rosenberg discoverd an issue in the X.25 network protocol. Remote users + can achieve a denial of service (infinite loop) by taking advantage of an + integer underflow in the facility parsing code. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-26lenny1. + +We recommend that you upgrade your linux-2.6 and user-mode-linux +packages. 
+ +The following matrix lists additional source packages that were +rebuilt for compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+26lenny1 + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + +Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel, +powerpc, and sparc. Updates for other architectures will be released as they +become available. + +Source archives: + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |
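Review bot: The CVE-2010-4081 entry (RME Hammerfall DSP MADI) names the same ioctl, SNDRV_HDSP_IOCTL_GET_CONFIG_INFO, as the CVE-2010-4080 entry directly above it, and the two paragraphs are otherwise identical apart from "MADI", so this reads like a copy-paste; please confirm the ioctl name for the MADI driver before publishing. The CVE-2010-4073 entry is also internally inconsistent: it attributes the issue to the "System V shared memory subsystem" but then says the leak is reached via the 32-bit compatible semctl() call, which is the semaphore interface, so the subsystem description should be adjusted to match. In the CVE-2010-3848 entry, "msg->msgiovlen" should be checked against the struct msghdr field name, msg_iovlen. Spelling to fix before this leaves draft: "privelege" (CVE-2010-2963), "intenger" (CVE-2010-3067), "maybe able" for "may be able" (CVE-2010-3874), "chipesets" (CVE-2010-4078) and "discoverd" (CVE-2010-4164). The closing sentence "this problem has been fixed in version 2.6.26-26lenny1" should be plural, since the advisory covers 31 CVE ids. The "Debian Bug(s)" field and the "Source archives:" section are still empty, and the DSA number and date are still placeholders (DSA-XXXX-1, November XX), which need filling in before release.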