author | dann frazier <dannf@debian.org> | 2010-08-19 06:10:54 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2010-08-19 06:10:54 +0000 |
commit | 0ae2c0c189be1ff0662afa8cc58703c753b30617 (patch) | |
tree | 91d500a9abf655e792235065e9f8960ef069836c /dsa-texts | |
parent | 24a4aaf45bf4765a8ab5f8c547c6922703ec18ff (diff) |
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1915 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/2.6.26-24lenny1 | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-24lenny1 b/dsa-texts/2.6.26-24lenny1 new file mode 100644 index 00000000..ab697159 --- /dev/null +++ b/dsa-texts/2.6.26-24lenny1 
@@ -0,0 +1,114 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +August XX, 2010 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2009-4895 CVE-2010-2226 CVE-2010-2240 CVE-2010-2248 + CVE-2010-2521 CVE-2010-2798 CVE-2010-2803 CVE-2010-3015 +Debian Bug(s) : 589179 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2009-4895 + + Kyle Bader reported an issue in the tty subsystem that allows local + users to create a denial of service (NULL pointer dereference). + +CVE-2010-2226 + + Dan Rosenberg reported an issue in the xfs filesystem that allows local + users to copy and read a write-only file owned by another user due to + a lack of permission checking in the XFS_SWAPEXT ioctl. + +CVE-2010-2240 + + Rafal Wojtczuk reported an issue that allows users to obtain escalated + privileges. Users must already have sufficient privileges to execute or + connect clients to an Xorg server. + +CVE-2010-2248 + + Suresh Jayaraman discovered an issue in the cifs filesystem. A malicious + file server can set an incorrect "CountHigh" value, resulting in a + denial of service (BUG_ON() assertion). + +CVE-2010-2521 + + Neil Brown reported an issue in the NFSv4 server code. A malicious client + could trigger a denial of service (Oops) on a server due to a bug in + the read_buf() routine. + +CVE-2010-2798 + + Bob Peterson reported an issue in the GFS2 file system. A file system + user could cause a denial of service (Oops) via certain rename + rename operation. 
+ +CVE-2010-2803 + + Kees Cook reported an issue in the DRM (Direct Rendering Manager) + subsystem. Local users with sufficient privileges (local X users + or members of the 'video' group on a default Debian install) could + acquire access to sensitive kernel memory. + +CVE-2010-3015 + + Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users + could trigger a denial of service (BUG assertion) by generate a specific + set of filesystem operations. + +This update also includes fixes a regression introduced by a previous +update. See the referenced Debian bug page for details. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-24lenny1. + +We recommend that you upgrade your linux-2.6 and user-mode-linux +packages. + +The following matrix lists additional source packages that were +rebuilt for compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+24lenny1 + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + +Stable updates are available for X + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |
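Review bot: the CVE-2010-2798 entry reads "via certain rename rename operation", repeating "rename" across the line break; it should read "via certain rename operations". In the CVE-2010-3015 entry, "by generate a specific set of filesystem operations" should be "by generating a specific set". Further down, "This update also includes fixes a regression" mixes two constructions; use either "also fixes a regression" or "also includes a fix for a regression". The advisory lists eight CVEs, so "this problem has been fixed in version 2.6.26-24lenny1" should say "these problems have been fixed". The header still carries the placeholders "DSA-XXXX-1" and "August XX, 2010", and the lenny section ends at "Stable updates are available for X" with no architecture list; all three need filling in before the text is sent. The regression sentence points to "the referenced Debian bug page", so it would help readers to name bug 589179 there instead of relying on the header field.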