From 5cbb2b398660cea99ce05399b629230e1ccc4baa Mon Sep 17 00:00:00 2001 From: dann frazier Date: Fri, 22 Feb 2008 16:25:28 +0000 Subject: first draft git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1138 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.4.27-10sarge6 | 206 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 206 insertions(+) create mode 100644 dsa-texts/2.4.27-10sarge6 (limited to 'dsa-texts/2.4.27-10sarge6') diff --git a/dsa-texts/2.4.27-10sarge6 b/dsa-texts/2.4.27-10sarge6 new file mode 100644 index 000000000..544b0410d --- /dev/null +++ b/dsa-texts/2.4.27-10sarge6 
@@ -0,0 +1,206 @@ +Subject: New Linux kernel 2.4.27 packages fix several issues + +-------------------------------------------------------------------------- +Debian Security Advisory DSA XXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +XXXXX 8th, 2005 http://www.debian.org/security/faq +-------------------------------------------------------------------------- + +Package : kernel-source-2.4.27 +Vulnerability : several +Problem-Type : local/remote +Debian-specific: no +CVE ID : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823 + CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353 + CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848 + CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063 + CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007 + +Several local and remote vulnerabilities have been discovered in the Linux +kernel that may lead to a denial of service or the execution of arbitrary +code. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2004-2731 + + infamous41md reported multiple integer overflows in the Sbus PROM + driver that would allow for a DoS (Denial of Service) attack by a + local user, and possibly the execution of arbitrary code. + +CVE-2006-4814 + + Doug Chapman discovered a potential local DoS (deadlock) in the mincore + function caused by improper lock handling. + +CVE-2006-5753 + + Eric Sandeen provided a fix for a local memory corruption vulnerability + resulting from a misinterpretation of return values when operating on + inodes which have been marked bad. + +CVE-2006-5823 + + LMH reported a potential local DoS which could be exploited by a malicious + user with the privileges to mount and read a corrupted cramfs filesystem. + +CVE-2006-6053 + + LMH reported a potential local DoS which could be exploited by a malicious + user with the privileges to mount and read a corrupted ext3 filesystem. 
+ +CVE-2006-6054 + + LMH reported a potential local DoS which could be exploited by a malicious + user with the privileges to mount and read a corrupted ext2 filesystem. + +CVE-2006-6106 + + Marcel Holtman discovered multiple buffer overflows in the Bluetooth + subsystem which can be used to trigger a remote DoS (crash) and potentially + execute arbitray code. + +CVE-2007-1353 + + Ilja van Sprundel discovered that kernel memory could be leaked via the + Bluetooth setsockopt call due to an uninitialized stack buffer. This + could be used by local attackers to read the contents of sensitive kernel + memory. + +CVE-2007-1592 + + Masayuki Nakagawa discovered that flow labels were inadvertently + being shared between listening sockets and child sockets. This defect + can be exploited by local users to cause a DoS (Oops). + +CVE-2007-2172 + + Thomas Graf reported a typo in the DECnet protocol handler that could + be used by a local attacker to overrun an array via crafted packets, + potentially resulting in a Denial of Service (system crash). + A similar issue exists in the IPV4 protocol handler and will be fixed + in a subsequent update. + +CVE-2007-2525 + + Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused + by releasing a socket before PPPIOCGCHAN is called upon it. This could + be used by a local user to DoS a system by consuming all available memory. + +CVE-2007-3848 + + Wojciech Purczynski discovered that pdeath_signal was not being reset + properly under certain conditions which may allow local users to gain + privileges by sending arbitrary signals to suid binaries. + +CVE-2007-4308 + + Alan Cox reported an issue in the aacraid driver that allows unprivileged + local users to make ioctl calls which should be restricted to admin + privileges. + +CVE-2007-4311 + + PaX team discovered an issue in the random driver where a defect in the + reseeding code leads to a reduction in entropy. 
+ +CVE-2007-5093 + + Alex Smith discovered an issue with the pwc driver for certain webcam + devices. If the device is removed while a userspace application has it + open, the driver will wait for userspace to close the device, resulting + in a blocked USB subsystem. This issue is of low security impact as + it requires the attacker to either have physical access to the system + or to convince a user with local access to remove the device on their + behalf. + +CVE-2007-6063 + + Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl + handling, exploitable by a local user. + +CVE-2007-6151 + + ADLAB discovered a possible memory overrun in the ISDN subsystem that + may permit a local user to overwrite kernel memory leading by issuing + ioctls with unterminated data. + +CVE-2007-6206 + + Blake Frantz discovered that when a core file owned by a non-root user + exists, and a root-owned process dumps core over it, the core file + retains its original ownership. This could be used by a local user to + gain access to sensitive information. + +CVE-2007-6694 + + Cyrill Gorcunov reported a NULL pointer dereference in code specific + to the CHRP PowerPC platforms. Local users could exploit this issue + to achieve a Denial of Service (DoS). + +CVE-2008-0007 + + Nick Piggin of SuSE discovered a number of issues in subsystems which + register a fault handler for memory mapped areas. This issue can be + exploited by local users to achieve a Denial of Service (DoS) and possibly + execute arbitrary code. 
+ +The following matrix explains which kernel version for which architecture +fix the problems mentioned above: + + Debian 3.1 (sarge) + Source 2.4.27-10sarge6 + Alpha architecture 2.4.27-10sarge6 + ARM architecture 2.4.27-2sarge6 + Intel IA-32 architecture 2.4.27-10sarge6 + Intel IA-64 architecture 2.4.27-10sarge6 + Motorola 680x0 architecture 2.4.27-3sarge6 + Big endian MIPS 2.4.27-10.sarge4.040815-3 + Little endian MIPS 2.4.27-10.sarge4.040815-3 + PowerPC architecture 2.4.27-10sarge6 + IBM S/390 architecture 2.4.27-2sarge6 + Sun Sparc architecture 2.4.27-9sarge6 + +The following matrix lists additional packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 3.1 (sarge) + fai-kernels XXX + kernel-image-2.4.27-speakup XXX + mindi-kernel XXX + systemimager XXX + +We recommend that you upgrade your kernel package immediately and reboot +the machine. If you have built a custom kernel from the kernel source +package, you will need to rebuild to take advantage of these fixes. + +Upgrade Instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + + +Debian GNU/Linux 3.1 alias sarge +-------------------------------- + + These files will probably be moved into the stable distribution on + its next update. 
+ +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show ' and http://packages.debian.org/ -- cgit v1.2.3
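Review bot: The advisory header date still reads "XXXXX 8th, 2005" although the CVE list runs through CVE-2008-0007, so the year looks carried over from a template; set it together with the "DSA XXX-1" number before this is sent. In the architecture matrix, both MIPS rows give 2.4.27-10.sarge4.040815-3 while every other row is at a sarge6 revision. Please confirm that this is the fixed MIPS build and not a leftover from an earlier advisory. The "additional packages" matrix still has XXX for all four versions (fai-kernels, kernel-image-2.4.27-speakup, mindi-kernel, systemimager). Wording: "arbitray code" in CVE-2006-6106 and "a a buffer overflow" in CVE-2007-6063 are typos, and in CVE-2007-6151 "overwrite kernel memory leading by issuing ioctls" reads as if words were dropped, perhaps "overwrite kernel memory by issuing ioctls". The sentence introducing the first matrix ("which kernel version for which architecture fix the problems") has a subject/verb mismatch. CVE-2007-4311 states a reduction in entropy but, unlike the other entries, does not say what impact that has for a user of the system.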