author dann frazier <dannf@debian.org> 2010-05-22 00:26:05 +0000
committer dann frazier <dannf@debian.org> 2010-05-22 00:26:05 +0000
commit b36f5f132645108d1d5094b1a4f3e371b83dc8dc (patch)
tree 8297056d866caf0e813366403297d63c77c5cabf /dsa-texts
parent d9e7c5d589d9b571dac41f408e4b9eedb736d8a9 (diff)
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1832 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts')
-rw-r--r-- dsa-texts/2.6.26-22lenny1 149
1 files changed, 149 insertions, 0 deletions
diff --git a/dsa-texts/2.6.26-22lenny1 b/dsa-texts/2.6.26-22lenny1
new file mode 100644
index 00000000..bd4b2d19
--- /dev/null
+++ b/dsa-texts/2.6.26-22lenny1
@@ -0,0 +1,149 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security@debian.org
+http://www.debian.org/security/ dann frazier
+May 21, 2010 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service
+Problem type : local
+Debian-specific: no
+CVE Id(s) : CVE-2009-4537 CVE-2010-0727 CVE-2010-1083 CVE-2010-1084
+ CVE-2010-1086 CVE-2010-1087 CVE-2010-1088 CVE-2010-1162
+ CVE-2010-1173 CVE-2010-1187 CVE-2010-1437 CVE-2010-1446
+ CVE-2010-1451
+Debian Bug(s) : 573071
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service or privilege escalation. The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2009-4537
+
+ Fabian Yamaguchi reported a missing check for Ethernet frames larger
+ than the MTU in the r8169 driver. This may allow users on the local
+ network to crash a system, resulting in a denial of service.
+
+CVE-2010-0727
+
+ Sachin Prabhu reported an issue in the GFS2 filesystem. Local users
+ can trigger a BUG() altering the permissions on a locked file,
+ resulting in a denial of service.
+
+CVE-2010-1083
+
+ Linus Torvalds reported an issue in the USB subsystem, which may allow
+ local users to obtain portions of sensitive kernel memory.
+
+CVE-2010-1084
+
+ Neil Brown reported an issue in the Bluetooth subsystem that may
+ permit remote attackers to overwrite memory through the creation
+ of large numbers of sockets, resulting in a denial of service.
+
+CVE-2010-1086
+
+ Ang Way Chuang reported an issue in the DVB subsystem for Digital
+ TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote
+ attacker could cause the receiver to enter an endless loop, resulting
+ in a denial of service.
+
+CVE-2010-1087
+
+ Trond Myklebust reported an issue in the NFS filesystem. A local
+ user may cause an oops by sending a fatal signal during a file
+ truncation operation, resulting in a denial of service.
+
+CVE-2010-1088
+
+ Al Viro reported an issue where automount symlinks may not
+ be followed when LOOKUP_FOLLOW is not set. This has an unknown
+ security impact.
+
+CVE-2010-1162
+
+ Catalin Marinas reported an issue in the tty subsystem that allows
+ local attackers to cause a kernel memory leak, possibly resulting
+ in a denial of service.
+
+CVE-2010-1173
+
+ Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from
+ Codenomicon Ltd reported an issue in the SCTP subsystem that allows
+ a remote attacker to cause a denial of service using a malfromed init
+ package.
+
+CVE-2010-1187
+
+ Neil Hormon reported an issue in the TIPC subsystem. Local users can
+ cause a denial of service by way of a NULL pointer dereference by
+ sending datagrams through AF_TIPC before entering network mode.
+
+CVE-2010-1437
+
+ Toshiyuki Okajima reported a race condition in the keyring subsystem.
+ Local users can cause memory corruption via keyctl commands that
+ access a keyring in the process of being deleted, resulting in a
+ denial of service.
+
+CVE-2010-1446
+
+ Wufei reported an issue with kgdb on the PowerPC architecture,
+ allowing local users to write to kernel memory. Note: this issue
+ does not affect binary kernels provided by Debian. The fix is
+ provided for the benefit of users who build their own kernels
+ from Debian source.
+
+CVE-2010-1451
+
+ Brad Spengler reported an issue on the SPARC architecture that allows
+ local users to execute non-executable pages.
+
+This update also includes fixes a regression introduced by aprevious
+update. See the referenced Debian bug page for details.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.6.26-22lenny1.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux
+packages.
+
+The following matrix lists additional source packages that were
+rebuilt for compatibility with or to take advantage of this update:
+
+ Debian 5.0 (lenny)
+ user-mode-linux 2.6.26-1um-2+22lenny1
+
+Upgrade instructions
+--------------------
+
+wget url
+ will fetch the file for you
+dpkg -i file.deb
+ will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+ will update the internal database
+apt-get upgrade
+ will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
+Stable updates are available for X
+
+
+ These files will probably be moved into the stable distribution on
+ its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce@lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
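Review bot: The "Problem type : local" header field does not match the body: the entries for CVE-2010-1084, CVE-2010-1086 and CVE-2010-1173 each describe a remote attacker, and CVE-2009-4537 describes users on the local network, so the field should read "local/remote" or readers who triage on it will under-rate the update. Template placeholders are also still unfilled: "DSA-XXXX-1" in the header, "wget url" in the upgrade instructions, and "Stable updates are available for X" with no package list under it. Wording to fix before this goes out: "malfromed" should be "malformed" in the CVE-2010-1173 entry, "includes fixes a regression introduced by aprevious update" should read "includes a fix for a regression introduced by a previous update", and "this problem has been fixed" should be plural, since the advisory covers thirteen CVEs.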
