From 7633a46ba2b5c538d7fc636599efdf646b4940d6 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 16 Sep 2010 16:18:25 +0000 Subject: new text git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1962 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.26-25lenny1 | 95 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 dsa-texts/2.6.26-25lenny1 (limited to 'dsa-texts/2.6.26-25lenny1') diff --git a/dsa-texts/2.6.26-25lenny1 b/dsa-texts/2.6.26-25lenny1 new file mode 100644 index 000000000..6e260edc8 --- /dev/null +++ b/dsa-texts/2.6.26-25lenny1 @@ -0,0 +1,95 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +September 16, 2010 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080 + CVE-2010-3081 +Debian Bug(s) : + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2010-2492 + + Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer + overflow condition may allow local users to cause a denial of service + or gain elevated privileges. + +CVE-2010-2954 + + Tavis Ormandy reported an issue in the irda subsystem which may allow + local users to cause a denial of service via a NULL pointer dereference. + +CVE-2010-3078 + + Dan Rosenberg discovered an issue in the XFS file system that allows + local users to read potentially sensitive kernel memory. + +CVE-2010-3080 + + Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation + layer. Local users with sufficient privileges to open /dev/sequencer + (by default on Debian, this is members of the 'audio' group) can + cause a denial of service via a NULL pointer dereference. + +CVE-2010-3081 + + Ben Hawkes discovered an issue in the 32-bit compatibility code + for 64-bit systems. Local users can gain elevated privileges due + to insufficient checks in compat_alloc_user_space allocations. + +This update also includes fixes a regression introduced by a previous +update. See the referenced Debian bug page for details. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.26-25lenny1. + +We recommend that you upgrade your linux-2.6 and user-mode-linux +packages. + +The following matrix lists additional source packages that were +rebuilt for compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+25lenny1 + +Upgrade instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + +Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. + + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ stable/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show ' and http://packages.debian.org/ -- cgit v1.2.3