author | dann frazier <dannf@debian.org> | 2009-10-23 00:05:51 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2009-10-23 00:05:51 +0000 |
commit | c3a95640816642f8a8cf8ba3c688340752ce2bb2 | |
tree | 05391b31e585e35f4023d800e0de979e42751160 /dsa-texts | |
parent | fde18839b7772a5462505a2bca8add937bb61c89 |
reference mmap_min_addr wiki, move "other packages" section as requested by web team
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1545 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/2.6.26-19lenny1 | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/dsa-texts/2.6.26-19lenny1 b/dsa-texts/2.6.26-19lenny1 index 20278606..053d87c4 100644 --- a/dsa-texts/2.6.26-19lenny1 +++ b/dsa-texts/2.6.26-19lenny1 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------- -Debian Security Advisory DSA-XXXX-1 security@debian.org +Debian Security Advisory DSA-1915-1 security@debian.org http://www.debian.org/security/ dann frazier -October 21, 2009 http://www.debian.org/security/faq +October 22, 2009 http://www.debian.org/security/faq ---------------------------------------------------------------------- Package : linux-2.6 @@ -12,6 +12,16 @@ CVE Id(s) : CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286 CVE-2009-3290 CVE-2009-3613 +Notice: Debian 5.0.4, the next point release of Debian 'lenny', +will include a new default value for the mmap_min_addr tunable. +This change will add an additional safeguard against a class of security +vulnerabilities known as "NULL pointer dereference" vulnerabilities, but +it will need to be overridden when using certain applications. +Additional information about this change, including instructions for +making this change locally in advance of 5.0.4 (recommended), can be +found at: + http://wiki.debian.org/mmap_min_addr + Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following 
@@ -23,14 +33,6 @@ CVE-2009-2695 provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. - Unless your system needs to run applications that require mapping - low addresses (such as wine or dosemu), it is recommended to - increase the value of mmap_min_addr to protect against NULL - pointer exploits. This can be configured using the procps - package: - # echo "vm.mmap_min_addr = 32768" > /etc/sysctl.d/mmap_min_addr.conf - # /etc/init.d/procps restart - CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk @@ -107,6 +109,12 @@ doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+19lenny1 + Upgrade instructions -------------------- @@ -123,12 +131,6 @@ apt-get update apt-get upgrade will install corrected packages -The following matrix lists additional source packages that were rebuilt for -compatibility with or to take advantage of this update: - - Debian 5.0 (lenny) - user-mode-linux 2.6.26-1um-2+19lenny1 - You may use an automated update by adding the resources from the footer to the proper configuration. |
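Review bot: The Notice added in the hunk at @@ -12,6 +12,16 @@ never states the new default value of mmap_min_addr and reduces the affected software to "certain applications", so a reader of the mailed or archived advisory cannot tell what will change or whether they are affected without following the wiki link. The text this patch removes from the CVE-2009-2695 entry named both a concrete value ("vm.mmap_min_addr = 32768") and the applications that need low mappings ("such as wine or dosemu"); I would state the value that 5.0.4 will ship in the Notice and keep the wine/dosemu examples there, with the wiki link as the place for further detail.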
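Review bot: After the removal in the hunk at @@ -23,14 +33,6 @@, the CVE-2009-2695 entry ends on "provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities." with no pointer to a mitigation, and the advisory no longer contains any command the administrator can run. Suggest adding a one-line reference from this entry back to the Notice at the top, and keeping the single sysctl.d setting line somewhere in the advisory body so the recommended hardening does not depend on an external page staying reachable.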