From 637be159b0e593b784db6b54790f53f9e7e073fa Mon Sep 17 00:00:00 2001 From: dann frazier Date: Sat, 18 Jun 2011 23:23:02 +0000 Subject: flesh out git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2357 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.26-26lenny3 | 43 +++++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 18 deletions(-) (limited to 'dsa-texts/2.6.26-26lenny3') diff --git a/dsa-texts/2.6.26-26lenny3 b/dsa-texts/2.6.26-26lenny3 index 4da28300..04fa4f4f 100644 --- a/dsa-texts/2.6.26-26lenny3 +++ b/dsa-texts/2.6.26-26lenny3 @@ -1,7 +1,7 @@ ------------------------------------------------------------------------- -Debian Security Advisory DSA-XXXX-1 security@debian.org +Debian Security Advisory DSA-2264-1 security@debian.org http://www.debian.org/security/ dann frazier -June XX, 2011 http://www.debian.org/security/faq +June 18, 2011 http://www.debian.org/security/faq ------------------------------------------------------------------------- Package : linux-2.6 @@ -175,9 +175,9 @@ CVE-2011-1477 CVE-2011-1493 - Dan Rosenburg reported two issues in the Linux implementation of the Amateur - Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service - by providing specially crafted facilities fields. + Dan Rosenburg reported two issues in the Linux implementation of the + Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of + service by providing specially crafted facilities fields. CVE-2011-1577 
@@ -206,10 +206,10 @@ CVE-2011-1745 CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. - Local users can obtain elevated privileges or cause a denial of service due - to missing bounds checking in the agp_allocate_memory and - agp_create_user_memory. On default Debian installations, this is exploitable - only by users in the video group. + Local users can obtain elevated privileges or cause a denial of service + due to missing bounds checking in the agp_allocate_memory and + agp_create_user_memory. On default Debian installations, this is + exploitable only by users in the video group. CVE-2011-1748 @@ -226,8 +226,8 @@ CVE-2011-1759 CVE-2011-1767 Alexecy Dobriyan reported an issue in the GRE over IP implementation. - Remote users can cause a denial of service by sending a packet during module - initialization. + Remote users can cause a denial of service by sending a packet during + module initialization. CVE-2011-1768 @@ -239,8 +239,8 @@ CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel - memory by adding a storage device with a specially crafted corrupted invalid - partition table. + memory by adding a storage device with a specially crafted corrupted + invalid partition table. CVE-2011-2022 @@ -254,8 +254,9 @@ CVE-2011-2182 Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above) that made it insufficient to resolve the issue. -For the stable distribution (lenny), this problem has been fixed in -version 2.6.26-26lenny2. +For the oldstable distribution (lenny), this problem has been fixed in +version 2.6.26-26lenny3. Updates for arm and hppa are not yet available, +but will be released as soon as possible. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: 
@@ -264,9 +265,15 @@ compatibility with or to take advantage of this update: user-mode-linux 2.6.26-1um-2+26lenny3 We recommend that you upgrade your linux-2.6 and user-mode-linux packages. - -Note that these updates will not become active until after your system is -rebooted. +These updates will not become active until after your system is rebooted. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be -- cgit v1.2.3
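Review bot: In the CVE-2011-1745/CVE-2011-1746 hunk (@@ -206), the rewrapped sentence still ends "missing bounds checking in the agp_allocate_memory and agp_create_user_memory." with no noun after the two identifiers. Since these lines are being rewritten anyway, consider "in the agp_allocate_memory and agp_create_user_memory routines" so the sentence reads as complete.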
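Review bot: In the CVE-2011-1776 hunk (@@ -239), the re-added line keeps the phrase "specially crafted corrupted invalid partition table", which stacks three near-synonymous modifiers. The rewrap is a good opportunity to reduce it to one, for example "a specially crafted partition table" or "a corrupted partition table", so the trigger condition is stated once.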
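Review bot: In the fixed-version hunk (@@ -254), the new text says "this problem has been fixed in version 2.6.26-26lenny3", but the advisory lists many separate CVE entries above it, so the singular is misleading. Suggest "these problems have been fixed". The same sentence also says arm and hppa updates are not yet available. It would help to note how those users will be told when the builds are published, since the text gives no way to track that.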
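Review bot: In the last hunk (@@ -264), the added note writes "linux kernel package" in lower case, while the CVE entries elsewhere in this file write "Linux" capitalised ("the Linux implementation", "the Linux support for AGP devices"). Suggest "Linux kernel package" for consistency. Also, dropping the blank line folds the reboot sentence into the upgrade recommendation paragraph. If the reboot requirement is meant to stand out to administrators, keep it as its own paragraph.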