diff options
author | dann frazier <dannf@debian.org> | 2008-02-22 22:13:55 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2008-02-22 22:13:55 +0000 |
commit | d14a6d5c9c03b27580f4ec7ae9c5e7490f8ebf2b (patch) | |
tree | 1542085bf5e4b9d010d0adb81765d8a9e394299d /dsa-texts/2.6.8-16sarge2 | |
parent | 5d576c9b636546030440fdfd07681dfbc39f1531 (diff) |
rename old dsa text files to include the full version string, otherwise
we may get a version clash soon
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1147 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.8-16sarge2')
-rw-r--r-- | dsa-texts/2.6.8-16sarge2 | 251 |
1 files changed, 251 insertions, 0 deletions
diff --git a/dsa-texts/2.6.8-16sarge2 b/dsa-texts/2.6.8-16sarge2 new file mode 100644 index 00000000..353c3eee --- /dev/null +++ b/dsa-texts/2.6.8-16sarge2 @@ -0,0 +1,251 @@ +Subject: New Linux kernel 2.6.8 packages fix several issues + +-------------------------------------------------------------------------- +Debian Security Advisory DSA XXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier, Simon Horman +XXXXX 8th, 2005 http://www.debian.org/security/faq +-------------------------------------------------------------------------- + +Package : kernel-source-2.6.8 +Vulnerability : several +Problem-Type : local/remote +Debian-specific: no +CVE ID : CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066 +Debian Bug : 295949 334113 330287 332587 332596 330343 330353 327416 + +Several local and remote vulnerabilities have been discovered in the Linux +kernel that may lead to a denial of service or the execution of arbitrary +code. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2004-1017 + + Multiple overflows exist in the io_edgeport driver which might be usable + as a denial of service attack vector. + +CVE-2005-0124 + + Bryan Fulton reported a bounds checking bug in the coda_pioctl function + which may allow local users to execute arbitrary code or trigger a denial + of service attack. + +CVE-2005-0449 + + An error in the skb_checksum_help() function from the netfilter framework + has been discovered that allows the bypass of packet filter rules or + a denial of service attack. + +CVE-2005-2457 + + Tim Yamin discovered that insufficient input validation in the zisofs driver + for compressed ISO file systems allows a denial of service attack through + maliciously crafted ISO images. + +CVE-2005-2490 + + A buffer overflow in the sendmsg() function allows local users to execute + arbitrary code. + +CVE-2005-2555 + + Herbert Xu discovered that the setsockopt() function was not restricted to + users/processes with the CAP_NET_ADMIN capability. This allows attackers to + manipulate IPSEC policies or initiate a denial of service attack. + +CVE-2005-2709 + + Al Viro discovered a race condition in the /proc handling of network devices. + A (local) attacker could exploit the stale reference after interface shutdown + to cause a denial of service or possibly execute code in kernel mode. + +CVE-2005-2800 + + Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices + leak memory, which allows a denial of service attack. + +CVE-2005-2973 + + Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code + can be forced into an endless loop, which allows a denial of service attack. + +CVE-2005-3044 + + Vasiliy Averin discovered that the reference counters from sockfd_put() and + fput() can be forced into overlapping, which allows a denial of service attack + through a null pointer dereference. + +CVE-2005-3053 + + Eric Dumazet discovered that the set_mempolicy() system call accepts a negative + value for it's first argument, which triggers a BUG() assert. This allows a + denial of service attack. + +CVE-2005-3055 + + Harald Welte discovered that if a process issues a USB Request Block (URB) + to a device and terminates before the URB completes, a stale pointer + would be dereferenced. This could be used to trigger a denial of service + attack. + +CVE-2005-3180 + + Pavel Roskin discovered that the driver for Orinoco wireless cards clears + it's buffers insufficiently. This could leak sensitive information into + user space. + +CVE-2005-3181 + + Robert Derr discovered that the audit subsystem uses an incorrect function to + free memory, which allows a denial of service attack. + +CVE-2005-3257 + + Rudolf Polzer discovered that the kernel improperly restricts access to the + KDSKBSENT ioctl, which can possibly lead to privilege escalation. + +CVE-2005-3356 + + Doug Chapman discovered that the mq_open syscall can be tricked into + decrementing an internal counter twice, which allows a denial of service attack + through a kernel panic. + +CVE-2005-3358 + + Doug Chapman discovered that passing a 0 zero bitmask to the set_mempolicy() + system call leads to a kernel panic, which allows a denial of service attack. + +CVE-2005-3783 + + The ptrace code using CLONE_THREAD didn't use the thread group ID to + determine whether the caller is attaching to itself, which allows a denial + of service attack. + +CVE-2005-3784 + + The auto-reaping of childe processes functionality included ptraced-attached + processes, which allows denial of service through dangling references. + +CVE-2005-3806 + + Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable, + which could lead to memory corruption and denial of service. + +CVE-2005-3847 + + It was discovered that a threaded real-time process, which is currently dumping + core can be forced into a dead-lock situation by sending it a SIGKILL signal, + which allows a denial of service attack. + +CVE-2005-3848 + + Ollie Wild discovered a memory leak in the icmp_push_reply() function, which + allows denial of service through memory consumption. + +CVE-2005-3857 + + Chris Wright discovered that excessive allocation of broken file lock leases + in the VFS layer can exhaust memory and fill up the system logging, which allows + denial of service. + +CVE-2005-3858 + + Patrick McHardy discovered a memory leak in the ip6_input_finish() function from + the IPv6 code, which allows denial of service. + +CVE-2005-4605 + + Karl Janmar discovered that a signedness error in the procfs code can be exploited + to read kernel memory, which may disclose sensitive information. + +CVE-2005-4618 + + Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which + allows a denial of service attack. + +CVE-2006-0095 + + Stefan Rompf discovered that dm_crypt does not clear an internal struct before freeing + it, which might disclose sensitive information. + +CVE-2006-0096 + + It was discovered that the SDLA driver's capability checks were too lax + for firmware upgrades. + +CVE-2006-0482 + + Ludovic Courtes discovered that get_compat_timespec() performs insufficient input + sanitizing, which allows a local denial of service attack. + +CVE-2006-1066 + + It was discovered that ptrace() on the ia64 architecture allows a local denial of + service attack, when preemption is enabled. + + +The following matrix explains which kernel version for which architecture +fix the problems mentioned above: + + Debian 3.1 (sarge) + Source 2.6.8-16sarge2 + Alpha architecture 2.6.8-16sarge2 + AMD64 architecture 2.6.8-16sarge2 + HP Precision architecture 2.6.8-6sarge2 + Intel IA-32 architecture 2.6.8-16sarge2 + Intel IA-64 architecture 2.6.8-14sarge2 + Motorola 680x0 architecture 2.6.8-4sarge2 + PowerPC architecture 2.6.8-12sarge2 + IBM S/390 architecture 2.6.8-5sarge2 + Sun Sparc architecture 2.6.8-15sarge2 + +The following matrix lists additional packages that were rebuilt for +compatability with or to take advantage of this update: + + Debian 3.1 (sarge) + kernel-latest-2.6-alpha 101sarge1 + kernel-latest-2.6-amd64 103sarge1 + kernel-latest-2.6-hppa 2.6.8-1sarge1 + kernel-latest-2.6-sparc 101sarge1 + kernel-latest-2.6-i386 101sarge1 + kernel-latest-powerpc 102sarge1 + fai-kernels 1.9.1sarge1 + hostap-modules-i386 0.3.7-1sarge1 + mol-modules-2.6.8 0.9.70+2.6.8+12sarge1 + ndiswrapper-modules-i386 1.1-2sarge1 + +We recommend that you upgrade your kernel package immediately and reboot +the machine. If you have built a custom kernel from the kernel source +package, you will need to rebuild to take advantage of these fixes. + +Upgrade Instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + + +Debian GNU/Linux 3.1 alias sarge +-------------------------------- + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |