From 6e690ea60fbb9cf4e36895430b5a7349998bb944 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 Sep 2011 03:17:05 +0000 Subject: new text git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2499 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.26-26lenny4 | 143 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 dsa-texts/2.6.26-26lenny4 (limited to 'dsa-texts/2.6.26-26lenny4') diff --git a/dsa-texts/2.6.26-26lenny4 b/dsa-texts/2.6.26-26lenny4 new file mode 100644 index 000000000..fe45b3ebd --- /dev/null +++ b/dsa-texts/2.6.26-26lenny4 @@ -0,0 +1,143 @@ +------------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ dann frazier +September 20, 2011 http://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209 + CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491 + CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 + CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191 +Debian Bug : 633738 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a privilege escalation, denial of service or information leak. The Common +Vulnerabilities and Exposures project identifies the following problems: + +[*]CVE-2009-4067 + + Rafael Dominguez Vega of MWR InfoSecurity reported an issue in auerswald + module, a driver for Auerswald PBX/System Telephone USB devices. + Attackers with physical access to a system's USB ports could obtain + elevated privileges using a specially crafted USB device. + +[*]CVE-2011-0712 + + Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq + module, a USB driver for Native Instruments USB audio devices. Attackers + with physical access to a system's USB ports could obtain elevated + privileges using a specially crafted USB device. + +CVE-2011-1020 + + Kees Cook discovered an issue in the /proc filesystem that allows local + users to gain access to sensitive process information after execution of a + setuid binary. + +[*]CVE-2011-2209 + + Dan Rosenberg discovered an issue in the osf_sysinfo() system call on + the alpha architecture. Local users could obtain access to sensitive + kernel memory. + +[*]CVE-2011-2211 + + Dan Rosenberg discovered an issue in the osf_wait4() system call on the + alpha architecture permitting local users to gain elevated privileges. + +[*]CVE-2011-2213 + + Dan Rosenberg discovered an issue in the INET socket monitoring interface. + Local users could cause a denial of service by injecting code and causing + the kernel to execute an infinite loop. + +CVE-2011-2484 + + Vasiliy Kulikov of Openwall discovered that the number of exit handlers that + a process can register is not capped, resulting in local denial of service + through resource exhaustion (cpu time and memory). + +CVE-2011-2491 + + Vasily Averin discovered an issue with the NFS locking implementation. A + malicious NFS server can cause a client to hang indefinitely in an unlock + call. + +CVE-2011-2492 + + Marek Kroemeke and Filip Palian discovered that uninitialized struct + elements in the Bluetooth subsystem could lead to a leak of sensitive kernel + memory through leaked stack memory. + +CVE-2011-2495 + + Vasiliy Kulikov of Openwall discovered that the io file of a process' proc + directory was world-readable, resulting in local information disclosure of + information such as password lengths. + +CVE-2011-2496 + + Robert Swiecki discovered that mremap() could be abused for local denial of + service by triggering a BUG_ON assert. + +CVE-2011-2497 + + Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, + which could lead to denial of service or privilege escalation. + +CVE-2011-2525 + + Ben Pfaff reported an issue in the network scheduling code. A local user + could cause a denial of service (NULL pointer dereference) by sending a + specially crafted netlink message. + +CVE-2011-2928 + + Timo Warns discovered that insufficient validation of Be filesystem images + could lead to local denial of service if a malformed filesystem image is + mounted. + +CVE-2011-3188 + + Dan Kaminsky reported a weakness of the sequence number generation in the + TCP protocol implementation. This can be used by remote attackers to inject + packets into an active session. + +CVE-2011-3191 + + Darren Lavender reported an issue in the Common Internet File System (CIFS). + A malicious file server could cause memory corruption leading to a denial of + service. + +This update also includes a fix for a regression introduced with the previous +security fix for CVE-2011-1768 (Debian: #633738) + +For the oldstable distribution (lenny), this problem has been fixed in +version 2.6.26-26lenny4. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 5.0 (lenny) + user-mode-linux 2.6.26-1um-2+26lenny4 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. +These updates will not become active until after your system is rebooted. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org -- cgit v1.2.3