author | dann frazier <dannf@debian.org> | 2010-05-22 00:26:05 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2010-05-22 00:26:05 +0000 |
commit | b36f5f132645108d1d5094b1a4f3e371b83dc8dc (patch) | |
tree | 8297056d866caf0e813366403297d63c77c5cabf /dsa-texts | |
parent | d9e7c5d589d9b571dac41f408e4b9eedb736d8a9 (diff) |
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1832 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/2.6.26-22lenny1 | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-22lenny1 b/dsa-texts/2.6.26-22lenny1 new file mode 100644 index 00000000..bd4b2d19 --- /dev/null +++ b/dsa-texts/2.6.26-22lenny1 
@@ -0,0 +1,149 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +May 21, 2010 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2009-4537 CVE-2010-0727 CVE-2010-1083 CVE-2010-1084 + CVE-2010-1086 CVE-2010-1087 CVE-2010-1088 CVE-2010-1162 + CVE-2010-1173 CVE-2010-1187 CVE-2010-1437 CVE-2010-1446 + CVE-2010-1451 +Debian Bug(s) : 573071 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2009-4537 + + Fabian Yamaguchi reported a missing check for Ethernet frames larger + than the MTU in the r8169 driver. This may allow users on the local + network to crash a system, resulting in a denial of service. + +CVE-2010-0727 + + Sachin Prabhu reported an issue in the GFS2 filesystem. Local users + can trigger a BUG() altering the permissions on a locked file, + resulting in a denial of service. + +CVE-2010-1083 + + Linus Torvalds reported an issue in the USB subsystem, which may allow + local users to obtain portions of sensitive kernel memory. + +CVE-2010-1084 + + Neil Brown reported an issue in the Bluetooth subsystem that may + permit remote attackers to overwrite memory through the creation + of large numbers of sockets, resulting in a denial of service. + +CVE-2010-1086 + + Ang Way Chuang reported an issue in the DVB subsystem for Digital + TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote + attacker could cause the receiver to enter an endless loop, resulting + in a denial of service. + +CVE-2010-1087 + + Trond Myklebust reported an issue in the NFS filesystem. 
A local + user may cause an oops by sending a fatal signal during a file + truncation operation, resulting in a denial of service. + +CVE-2010-1088 + + Al Viro reported an issue where automount symlinks may not + be followed when LOOKUP_FOLLOW is not set. This has an unknown + security impact. + +CVE-2010-1162 + + Catalin Marinas reported an issue in the tty subsystem that allows + local attackers to cause a kernel memory leak, possibly resulting + in a denial of service. + +CVE-2010-1173 + + Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from + Codenomicon Ltd reported an issue in the SCTP subsystem that allows + a remote attacker to cause a denial of service using a malfromed init + package. + +CVE-2010-1187 + + Neil Hormon reported an issue in the TIPC subsystem. Local users can + cause a denial of service by way of a NULL pointer dereference by + sending datagrams through AF_TIPC before entering network mode. + +CVE-2010-1437 + + Toshiyuki Okajima reported a race condition in the keyring subsystem. + Local users can cause memory corruption via keyctl commands that + access a keyring in the process of being deleted, resulting in a + denial of service. + +CVE-2010-1446 + + Wufei reported an issue with kgdb on the PowerPC architecture, + allowing local users to write to kernel memory. Note: this issue + does not affect binary kernels provided by Debian. The fix is + provided for the benefit of users who build their own kernels + from Debian source. + +CVE-2010-1451 + + Brad Spengler reported an issue on the SPARC architecture that allows + local users to execute non-executable pages. + +This update also includes fixes a regression introduced by aprevious +update. See the referenced Debian bug page for details. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-22lenny1. + +We recommend that you upgrade your linux-2.6 and user-mode-linux +packages. 
+ +The following matrix lists additional source packages that were +rebuilt for compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+22lenny1 + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + +Stable updates are available for X + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |
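Review bot: The header field "Problem type : local" is inconsistent with the CVE entries that follow it: CVE-2010-1084, CVE-2010-1086 and CVE-2010-1173 each describe a remote attacker, and CVE-2009-4537 describes "users on the local network", so the field should reflect both local and remote vectors. Two typos in the added text need fixing before publication: "malfromed init package" in the CVE-2010-1173 entry (presumably "malformed", and "packet" rather than "package"), and "This update also includes fixes a regression introduced by aprevious update" in the closing paragraph ("also fixes a regression introduced by a previous update"). The advisory also still carries template placeholders, "DSA-XXXX-1" in the title line and "Stable updates are available for X" in the lenny section, and the upgrade instructions refer to "the line for sources.list as given below" and per-file downloads while the file list is empty; these need filling in before the text is sent.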