new draft

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2051 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 258 insertions, 0 deletions

diff --git a/dsa-texts/2.6.26-26lenny1 b/dsa-texts/2.6.26-26lenny1
new file mode 100644
index 00000000..362c6feb
--- /dev/null
+++ b/dsa-texts/2.6.26-26lenny1
@@ -0,0 +1,258 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security@debian.org
+http://www.debian.org/security/                           dann frazier
+November XX, 2010                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
+                 CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
+                 CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
+                 CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859
+                 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876
+                 CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
+                 CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
+                 CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
+Debian Bug(s)  :
+                 
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information leak.
+The Common Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2010-2963
+
+    Kees Cook discovered an issue in v4l 32-bit compatibility layer for
+    64-bit systems that allows local users with /dev/video write permission
+    to overwrite arbitrary kernel memory, potentially leading to a privelege
+    escalation. On Debian systems, access to /dev/video devices is restricted
+    to members of the 'video' group by default.
+
+CVE-2010-3067
+
+    Tavis Ormandy discovered an issue in the io_submit system call. Local
+    users can cause an intenger overflow resulting in a denial of service.
+
+CVE-2010-3296
+
+    Dan Rosenberg discovered an issue in the cxgb network driver that allows
+    unprivileged users to obtain the contents of sensitive kernel memory.
+
+CVE-2010-3297
+
+    Dan Rosenberg discovered an issue in the eql network driver that allows
+    local users to obtain the contents of sensitive kernel memory.
+
+CVE-2010-3310
+
+    Dan Rosenberg discovered an issue in the ROSE socket implementation. On
+    systems with a rose device, local users can cause a denial of service
+    (kernel memory corruption).
+
+CVE-2010-3432
+
+    Thomas Dreibholz discovered an issue in the SCTP protocol that permits
+    a remote user to cause a denial of service (kernel panic).
+
+CVE-2010-3437
+
+    Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
+    permission to open /dev/pktcdvd/control can obtain the contents of
+    sensitive kernel memory or cause a denial of service. By default on
+    Debian systems, this access is restricted to members of the group 'cdrom'.
+
+CVE-2010-3442
+
+    Dan Rosenberg discovered an issue in the ALSA sound system. Local users
+    with permission to open /dev/snd/controlC0 can create an integer overflow
+    condition that causes a denial of service. By default on Debian systems,
+    this access is restricted to members of the group 'audio'.
+
+CVE-2010-3448
+
+    Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
+    Thinkpad systems, local users can cause a denial of service (X.org crash)
+    by reading /proc/acpi/ibm/video.
+
+CVE-2010-3477
+
+    Jeff Mahoney discovered an issue in the Traffic Policing (act_police)
+    module that allows local users to obtain the contents of sensitive kernel
+    memory.
+
+CVE-2010-3705
+
+    Dan Rosenberg reported an issue in the HMAC processing code in the SCTP
+    protocol that allows remote users to create a denial of service (memory
+    corruption).
+
+CVE-2010-3848
+
+    Nelson Elhage discovered an issue in the Econet protocol. Local users can
+    cause a stack overflow condition with large msg->msgiovlen values that
+    can result in a denial of service or privilege escalation.
+
+CVE-2010-3849
+
+    Nelson Elhage discovered an issue in the Econet protocol. Local users can
+    cause a denial of service (oops) if a NULL remote addr value is passed
+    as a parameter to sendmsg().
+
+CVE-2010-3850
+
+    Nelson Elhage of Ksplice discovered an issue in the Econet protocol. Local
+    users can assign econet addresses to arbitrary interfaces due to a missing
+    capabilities check.
+
+CVE-2010-3858
+
+    Brad Spengler reported an issue in the setup_arg_pages() function. Due to
+    a bounds-checking failure, local users can create a denial of service
+    (kernel oops).
+
+CVE-2010-3859
+
+    Dan Rosenberg reported an issue in the TIPC protocol. When the tipc
+    module is loaded, local users can gain elevated privileges via the
+    sendmsg() system call.
+
+CVE-2010-3873
+
+    Dan Rosenberg reported an issue in the X.25 network protocol. Local users
+    can cause heap corruption, resulting in a denial of service (kernel panic).
+
+CVE-2010-3874
+
+    Dan Rosenberg discovered an issue in the Control Area Network (CAN)
+    subsystem on 64-bit systems. Local users maybe able to cause a denial
+    of service (heap corruption).
+
+CVE-2010-3875
+
+    Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users
+    can obtain the contents of sensitive kernel memory.
+
+CVE-2010-3876
+
+    Vasiliy Kulikov discovered an issue in the Packet protocol. Local users
+    can obtain the contents of sensitive kernel memory.
+
+CVE-2010-3877
+
+    Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users
+    can obtain the contents of sensitive kernel memory.
+
+CVE-2010-3880
+
+    Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users
+    can cause the kernel to execute unaudited INET_DIAG bytecode, resulting
+    in a denial of service.
+
+CVE-2010-4072
+
+    Kees Cook discovered an issue in the System V shared memory subsystem.
+    Local users can obtain the contents of sensitive kernel memory.
+
+CVE-2010-4073
+
+    Dan Rosenberg discovered an issue in the System V shared memory subsystem.
+    Local users on 64-bit system can obtain the contents of sensitive kernel
+    memory via the 32-bit compatible semctl() system call.
+
+CVE-2010-4074
+
+    Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB
+    serial converter devices. Local users with access to these devices can
+    obtain the contents of sensitive kernel memory.
+
+CVE-2010-4078
+
+    Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics
+    chipesets (sisfb). Local users with access to the framebuffer device can
+    obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.
+
+CVE-2010-4079
+
+    Dan Rosenberg reported an issue in the ivtvfb driver used for the
+    Hauppauge PVR-350 card. Local users with access to the framebuffer
+    device can obtain the contents of sensitive kernel memory via the
+    FBIOGET_VBLANK ioctl.
+    
+CVE-2010-4080
+
+    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
+    DSP audio devices.  Local users with access to the audio device can
+    obtain the contents of sensitive kernel memory via the
+    SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
+
+CVE-2010-4081
+
+    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
+    DSP MADI audio devices.  Local users with access to the audio device can
+    obtain the contents of sensitive kernel memory via the
+    SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
+
+CVE-2010-4083
+
+    Dan Rosenberg discovered an issue in the semctl system call. Local users
+    can obtain the contents of sensitive kernel memory through usage of the
+    semid_ds structure.
+
+CVE-2010-4164
+
+    Dan Rosenberg discoverd an issue in the X.25 network protocol. Remote users
+    can achieve a denial of service (infinite loop) by taking advantage of an
+    integer underflow in the facility parsing code.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.6.26-26lenny1.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux
+packages.
+
+The following matrix lists additional source packages that were
+rebuilt for compatibility with or to take advantage of this update:
+
+                                             Debian 5.0 (lenny)
+     user-mode-linux                         2.6.26-1um-2+26lenny1
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
+Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel,
+powerpc, and sparc. Updates for other architectures will be released as they
+become available.
+
+Source archives:
+
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce@lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>