From ca1947b33afe19a85bfaf34353c924a4fdd4363d Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 16 Oct 2008 18:05:20 +0000 Subject: new draft git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1246 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.24-6~etchnhalf.6 | 78 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 dsa-texts/2.6.24-6~etchnhalf.6 (limited to 'dsa-texts/2.6.24-6~etchnhalf.6') diff --git a/dsa-texts/2.6.24-6~etchnhalf.6 b/dsa-texts/2.6.24-6~etchnhalf.6 new file mode 100644 index 00000000..9bc76a80 --- /dev/null +++ b/dsa-texts/2.6.24-6~etchnhalf.6 @@ -0,0 +1,78 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +Oct 16, 2008 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6.24 +Vulnerability : denial of service/information leak/privilege escalation +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2008-1514 CVE-2008-3525 CVE-2008-3831 CVE-2008-4113 + CVE-2008-4445 + +Several vulnerabilities have been discovered in the Linux kernel that may +lead to a denial of service or leak sensitive data. The Common Vulnerabilities +and Exposures project identifies the following problems: + +CVE-2008-1514 + + Jan Kratochvil reported a local denial of service vulnerability in + the ptrace interface for the s390 architecture. Local users can + trigger an invalid pointer dereference, leading to a system panic. + +CVE-2008-3525 + + Eugene Teo reported a lack of capability checks in the kernel + driver for Granch SBNI12 leased line adapters (sbni), allowing + local users to perform privileged operations. + +CVE-2008-3831 + + Olaf Kirch discovered an issue with the i915 driver that may + allow local users to cause memory corruption by use of an + ioctl with insufficient privilege restrictions. + +CVE-2008-4113 +CVE-2008-4445 + + Eugene Teo discovered two issues in the SCTP subsystem which allow + local users to obtain access to sensitive memory when the SCTP-AUTH + extension is enabled. + +For the stable distribution (etch), these problems have been fixed in +version 2.6.24-6~etchnhalf.6. + +We recommend that you upgrade your linux-2.6.24 packages. + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 4.0 alias etch +------------------------------- + + + These changes will probably be included in the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show ' and http://packages.debian.org/ -- cgit v1.2.3