rename old dsa text files to include the full version string, otherwise

we may get a version clash soon


git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1147 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 251 insertions, 0 deletions

diff --git a/dsa-texts/2.6.8-16sarge2 b/dsa-texts/2.6.8-16sarge2
new file mode 100644
index 00000000..353c3eee
--- /dev/null
+++ b/dsa-texts/2.6.8-16sarge2
@@ -0,0 +1,251 @@
+Subject: New Linux kernel 2.6.8 packages fix several issues
+
+--------------------------------------------------------------------------
+Debian Security Advisory DSA XXX-1                     security@debian.org
+http://www.debian.org/security/                 Dann Frazier, Simon Horman
+XXXXX 8th, 2005                         http://www.debian.org/security/faq
+--------------------------------------------------------------------------
+
+Package        : kernel-source-2.6.8
+Vulnerability  : several
+Problem-Type   : local/remote
+Debian-specific: no
+CVE ID         : CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066
+Debian Bug     : 295949 334113 330287 332587 332596 330343 330353 327416
+
+Several local and remote vulnerabilities have been discovered in the Linux
+kernel that may lead to a denial of service or the execution of arbitrary
+code. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2004-1017
+
+    Multiple overflows exist in the io_edgeport driver which might be usable
+    as a denial of service attack vector.
+
+CVE-2005-0124
+
+    Bryan Fulton reported a bounds checking bug in the coda_pioctl function
+    which may allow local users to execute arbitrary code or trigger a denial
+    of service attack.
+
+CVE-2005-0449
+    
+    An error in the skb_checksum_help() function from the netfilter framework
+    has been discovered that allows the bypass of packet filter rules or
+    a denial of service attack.
+
+CVE-2005-2457
+
+    Tim Yamin discovered that insufficient input validation in the zisofs driver
+    for compressed ISO file systems allows a denial of service attack through
+    maliciously crafted ISO images.
+
+CVE-2005-2490
+
+    A buffer overflow in the sendmsg() function allows local users to execute
+    arbitrary code.
+
+CVE-2005-2555
+
+    Herbert Xu discovered that the setsockopt() function was not restricted to
+    users/processes with the CAP_NET_ADMIN capability. This allows attackers to
+    manipulate IPSEC policies or initiate a denial of service attack. 
+
+CVE-2005-2709
+
+    Al Viro discovered a race condition in the /proc handling of network devices.
+    A (local) attacker could exploit the stale reference after interface shutdown
+    to cause a denial of service or possibly execute code in kernel mode.
+
+CVE-2005-2800
+
+    Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices
+    leak memory, which allows a denial of service attack.
+
+CVE-2005-2973
+ 
+    Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code
+    can be forced into an endless loop, which allows a denial of service attack.
+
+CVE-2005-3044
+
+    Vasiliy Averin discovered that the reference counters from sockfd_put() and 
+    fput() can be forced into overlapping, which allows a denial of service attack
+    through a null pointer dereference.
+
+CVE-2005-3053
+
+    Eric Dumazet discovered that the set_mempolicy() system call accepts a negative
+    value for it's first argument, which triggers a BUG() assert. This allows a
+    denial of service attack.
+
+CVE-2005-3055
+
+    Harald Welte discovered that if a process issues a USB Request Block (URB)
+    to a device and terminates before the URB completes, a stale pointer
+    would be dereferenced.  This could be used to trigger a denial of service
+    attack.
+
+CVE-2005-3180
+
+    Pavel Roskin discovered that the driver for Orinoco wireless cards clears
+    it's buffers insufficiently. This could leak sensitive information into
+    user space.
+
+CVE-2005-3181
+
+    Robert Derr discovered that the audit subsystem uses an incorrect function to
+    free memory, which allows a denial of service attack.
+
+CVE-2005-3257
+
+    Rudolf Polzer discovered that the kernel improperly restricts access to the
+    KDSKBSENT ioctl, which can possibly lead to privilege escalation.
+
+CVE-2005-3356
+
+    Doug Chapman discovered that the mq_open syscall can be tricked into
+    decrementing an internal counter twice, which allows a denial of service attack
+    through a kernel panic.
+
+CVE-2005-3358
+
+    Doug Chapman discovered that passing a 0 zero bitmask to the set_mempolicy()
+    system call leads to a kernel panic, which allows a denial of service attack.
+
+CVE-2005-3783
+
+    The ptrace code using CLONE_THREAD didn't use the thread group ID to
+    determine whether the caller is attaching to itself, which allows a denial
+    of service attack.
+
+CVE-2005-3784
+
+    The auto-reaping of childe processes functionality included ptraced-attached
+    processes, which allows denial of service through dangling references.
+
+CVE-2005-3806
+
+    Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,
+    which could lead to memory corruption and denial of service.
+
+CVE-2005-3847
+
+    It was discovered that a threaded real-time process, which is currently dumping
+    core can be forced into a dead-lock situation by sending it a SIGKILL signal,
+    which allows a denial of service attack. 
+
+CVE-2005-3848
+
+    Ollie Wild discovered a memory leak in the icmp_push_reply() function, which
+    allows denial of service through memory consumption.
+
+CVE-2005-3857
+
+    Chris Wright discovered that excessive allocation of broken file lock leases
+    in the VFS layer can exhaust memory and fill up the system logging, which allows
+    denial of service.
+
+CVE-2005-3858
+
+    Patrick McHardy discovered a memory leak in the ip6_input_finish() function from
+    the IPv6 code, which allows denial of service.
+
+CVE-2005-4605
+
+    Karl Janmar discovered that a signedness error in the procfs code can be exploited
+    to read kernel memory, which may disclose sensitive information.
+
+CVE-2005-4618
+
+    Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which
+    allows a denial of service attack.
+
+CVE-2006-0095
+
+    Stefan Rompf discovered that dm_crypt does not clear an internal struct before freeing
+    it, which might disclose sensitive information.
+
+CVE-2006-0096
+
+    It was discovered that the SDLA driver's capability checks were too lax
+    for firmware upgrades.
+
+CVE-2006-0482
+
+    Ludovic Courtes discovered that get_compat_timespec() performs insufficient input
+    sanitizing, which allows a local denial of service attack.
+
+CVE-2006-1066
+
+    It was discovered that ptrace() on the ia64 architecture allows a local denial of
+    service attack, when preemption is enabled.
+
+
+The following matrix explains which kernel version for which architecture
+fix the problems mentioned above:
+
+                                 Debian 3.1 (sarge)
+     Source                      2.6.8-16sarge2
+     Alpha architecture          2.6.8-16sarge2
+     AMD64 architecture          2.6.8-16sarge2
+     HP Precision architecture   2.6.8-6sarge2
+     Intel IA-32 architecture    2.6.8-16sarge2
+     Intel IA-64 architecture    2.6.8-14sarge2
+     Motorola 680x0 architecture 2.6.8-4sarge2
+     PowerPC architecture        2.6.8-12sarge2
+     IBM S/390 architecture      2.6.8-5sarge2
+     Sun Sparc architecture      2.6.8-15sarge2
+
+The following matrix lists additional packages that were rebuilt for
+compatability with or to take advantage of this update:
+
+                                 Debian 3.1 (sarge)
+     kernel-latest-2.6-alpha     101sarge1
+     kernel-latest-2.6-amd64     103sarge1
+     kernel-latest-2.6-hppa      2.6.8-1sarge1
+     kernel-latest-2.6-sparc     101sarge1
+     kernel-latest-2.6-i386      101sarge1
+     kernel-latest-powerpc       102sarge1
+     fai-kernels                 1.9.1sarge1
+     hostap-modules-i386         0.3.7-1sarge1
+     mol-modules-2.6.8           0.9.70+2.6.8+12sarge1
+     ndiswrapper-modules-i386    1.1-2sarge1
+
+We recommend that you upgrade your kernel package immediately and reboot
+the machine. If you have built a custom kernel from the kernel source
+package, you will need to rebuild to take advantage of these fixes.
+
+Upgrade Instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+
+Debian GNU/Linux 3.1 alias sarge
+--------------------------------
+
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce@lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>