From 218314f3c319fa74e9707d1fa56acd6d04716abb Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 12 May 2008 16:38:34 +0000 Subject: new dsa text git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1167 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.18.dfsg.1-18etch4 | 71 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 dsa-texts/2.6.18.dfsg.1-18etch4 (limited to 'dsa-texts/2.6.18.dfsg.1-18etch4') diff --git a/dsa-texts/2.6.18.dfsg.1-18etch4 b/dsa-texts/2.6.18.dfsg.1-18etch4 new file mode 100644 index 00000000..d4ac35e6 --- /dev/null +++ b/dsa-texts/2.6.18.dfsg.1-18etch4 @@ -0,0 +1,71 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +May 12, 2008 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : denial of service +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2008-1669 + +Several local vulnerabilities have been discovered in the Linux kernel +that may lead to a denial of service or the execution of arbitrary +code. The Common Vulnerabilities and Exposures project identifies the +following problem: + +CVE-2008-1669 + + Alexander Viro discovered a race condition in the fcntl code that + may permit local users on multi-processor systems to execute parallel + code paths that are otherwise prohibited and gain re-ordered access + to the descriptor table. + +For the stable distribution (etch), this problem has been fixed in version +2.6.18.dfsg.1-18etch4. + +For the unstable distribution(sid), this problem has been fixed in version +2.6.25-2. + +We recommend that you upgrade your linux-2.6, fai-kernels, and +user-mode-linux packages. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +The following matrix lists additional source packages that were rebuilt for +compatability with or to take advantage of this update: + + Debian 4.0 (etch) + fai-kernels 1.17+etch.18etch4 + user-mode-linux 2.6.18-1um-2etch.18etch4 + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show ' and http://packages.debian.org/ -- cgit v1.2.3