From d14a6d5c9c03b27580f4ec7ae9c5e7490f8ebf2b Mon Sep 17 00:00:00 2001 From: dann frazier Date: Fri, 22 Feb 2008 22:13:55 +0000 Subject: rename old dsa text files to include the full version string, otherwise we may get a version clash soon git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1147 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.4.27-10sarge2 | 177 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) create mode 100644 dsa-texts/2.4.27-10sarge2 (limited to 'dsa-texts/2.4.27-10sarge2') diff --git a/dsa-texts/2.4.27-10sarge2 b/dsa-texts/2.4.27-10sarge2 new file mode 100644 index 000000000..260f350fd --- /dev/null +++ b/dsa-texts/2.4.27-10sarge2 @@ -0,0 +1,177 @@ +Subject: New Linux kernel 2.4.27 packages fix several issues + +-------------------------------------------------------------------------- +Debian Security Advisory DSA XXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier, Simon Horman +XXXXX 8th, 2005 http://www.debian.org/security/faq +-------------------------------------------------------------------------- + +Package : kernel-source-2.4.27 +Vulnerability : several +Problem-Type : local/remote +Debian-specific: no +CVE IDs : CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618 +Debian Bug : + +Several local and remote vulnerabilities have been discovered in the Linux +kernel that may lead to a denial of service or the execution of arbitrary +code. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2004-0887 + + Martin Schwidefsky discovered that the privileged instruction SACF (Set + Address Space Control Fast) on the S/390 platform is not handled properly, + allowing for a local user to gain root privileges. + +CVE-2004-1058 + + A race condition allows for a local user to read the environment variables + of another process that is still spawning through /proc/.../cmdline. + +CVE-2004-2607 + + A numeric casting discrepancy in sdla_xfer allows local users to read + portions of kernel memory via a large len argument which is received as an + int but cast to a short, preventing read loop from filling a buffer. + +CVE-2005-0449 + + An error in the skb_checksum_help() function from the netfilter framework + has been discovered that allows the bypass of packet filter rules or + a denial of service attack. + +CVE-2005-1761 + + A vulnerability in the ptrace subsystem of the IA-64 architecture can + allow local attackers to overwrite kernel memory and crash the kernel. + +CVE-2005-2457 + + Tim Yamin discovered that insufficient input validation in the compressed + ISO file system (zisofs) allows a denial of service attack through + maliciously crafted ISO images. + +CVE-2005-2555 + + Herbert Xu discovered that the setsockopt() function was not restricted to + users/processes with the CAP_NET_ADMIN capability. This allows attackers to + manipulate IPSEC policies or initiate a denial of service attack. + +CVE-2005-2709 + + Al Viro discovered a race condition in the /proc handling of network devices. + A (local) attacker could exploit the stale reference after interface shutdown + to cause a denial of service or possibly execute code in kernel mode. + +CVE-2005-2973 + + Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code + can be forced into an endless loop, which allows a denial of service attack. + +CVE-2005-3257 + + Rudolf Polzer discovered that the kernel improperly restricts access to the + KDSKBSENT ioctl, which can possibly lead to privilege escalation. + +CVE-2005-3783 + + The ptrace code using CLONE_THREAD didn't use the thread group ID to + determine whether the caller is attaching to itself, which allows a denial + of service attack. + +CVE-2005-3806 + + Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable, + which could lead to memory corruption and denial of service. + +CVE-2005-3848 + + Ollie Wild discovered a memory leak in the icmp_push_reply() function, which + allows denial of service through memory consumption. + +CVE-2005-3857 + + Chris Wright discovered that excessive allocation of broken file lock leases + in the VFS layer can exhaust memory and fill up the system logging, which allows + denial of service. + +CVE-2005-3858 + + Patrick McHardy discovered a memory leak in the ip6_input_finish() function from + the IPv6 code, which allows denial of service. + +CVE-2005-4618 + + Yi Ying discovered that sysctl does not properly enforce the size of a + buffer, which allows a denial of service attack. + +The following matrix explains which kernel version for which architecture +fix the problems mentioned above: + + Debian 3.1 (sarge) + Source 2.4.27-10sarge2 + Alpha architecture 2.4.27-10sarge2 + ARM architecture 2.4.27-2sarge2 + Intel IA-32 architecture 2.4.27-10sarge2 + Intel IA-64 architecture 2.4.27-10sarge2 + Motorola 680x0 architecture 2.4.27-3sarge2 + Big endian MIPS architecture 2.4.27-10.sarge1.040815-2 + Little endian MIPS architecture 2.4.27-10.sarge1.040815-2 + PowerPC architecture 2.4.27-10sarge2 + IBM S/390 architecture 2.4.27-2sarge2 + Sun Sparc architecture 2.4.27-9sarge2 + +The following matrix lists additional packages that were rebuilt for +compatability with or to take advantage of this update: + + Debian 3.1 (sarge) + kernel-latest-2.4-alpha 101sarge1 + kernel-latest-2.4-i386 101sarge1 + kernel-latest-2.4-s390 2.4.27-1sarge1 + kernel-latest-2.4-sparc 42sarge1 + kernel-latest-powerpc 102sarge1 + fai-kernels 1.9.1sarge1 + i2c 1:2.9.1-1sarge1 + kernel-image-speakup-i386 2.4.27-1.1sasrge1 + lm-sensors 1:2.9.1-1sarge3 + mindi-kernel 2.4.27-2sarge1 + pcmcia-modules-2.4.27-i386 3.2.5+2sarge1 + systemimager 3.2.3-6sarge1 + +We recommend that you upgrade your kernel package immediately and reboot +the machine. If you have built a custom kernel from the kernel source +package, you will need to rebuild to take advantage of these fixes. + +Upgrade Instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + + +Debian GNU/Linux 3.1 alias sarge +-------------------------------- + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show ' and http://packages.debian.org/ -- cgit v1.2.3