From b45c36d0ac6edc60991282bd4a3f05490bfda463 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Fri, 9 Sep 2011 22:30:24 +0000 Subject: Initial draft git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2489 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.32-35squeeze2 | 157 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 dsa-texts/2.6.32-35squeeze2 (limited to 'dsa-texts/2.6.32-35squeeze2') diff --git a/dsa-texts/2.6.32-35squeeze2 b/dsa-texts/2.6.32-35squeeze2 new file mode 100644 index 00000000..46bacc13 --- /dev/null +++ b/dsa-texts/2.6.32-35squeeze2 @@ -0,0 +1,157 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-2303-2 security@debian.org +http://www.debian.org/security/ Dann Frazier +September 9, 2011 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 + CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 + CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 + CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 + CVE-2011-3188 CVE-2011-3191 +Debian Bug : 640966 + +The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a +regression that can result in an oops during invalid accesses to +/proc//maps files. + + +The text of the original advisory is reproduced for reference: + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a denial of service or privilege escalation. The Common Vulnerabilities and +Exposures project identifies the following problems: + +CVE-2011-1020 + + Kees Cook discovered an issue in the /proc filesystem that allows local + users to gain access to sensitive process information after execution of a + setuid binary. + +CVE-2011-1576 + + Ryan Sweat discovered an issue in the VLAN implementation. Local users may + be able to cause a kernel memory leak, resulting in a denial of service. + +CVE-2011-2484 + + Vasiliy Kulikov of Openwall discovered that the number of exit handlers that + a process can register is not capped, resulting in local denial of service + through resource exhaustion (cpu time and memory). + +CVE-2011-2491 + + Vasily Averin discovered an issue with the NFS locking implementation. A + malicious NFS server can cause a client to hang indefinitely in an unlock + call. + +CVE-2011-2492 + + Marek Kroemeke and Filip Palian discovered that uninitialized struct + elements in the Bluetooth subsystem could lead to a leak of sensitive kernel + memory through leaked stack memory. + +CVE-2011-2495 + + Vasiliy Kulikov of Openwall discovered that the io file of a process' proc + directory was world-readable, resulting in local information disclosure of + information such as password lengths. + +CVE-2011-2496 + + Robert Swiecki discovered that mremap() could be abused for local denial of + service by triggering a BUG_ON assert. + +CVE-2011-2497 + + Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, + which could lead to denial of service or privilege escalation. + +CVE-2011-2517 + + It was discovered that the netlink-based wireless configuration interface + performed insufficient length validation when parsing SSIDs, resulting in + buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a + denial of service. + +CVE-2011-2525 + + Ben Pfaff reported an issue in the network scheduling code. A local user + could cause a denial of service (NULL pointer dereference) by sending a + specially crafted netlink message. + +CVE-2011-2700 + + Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the + driver for the Si4713 FM Radio Transmitter driver used by N900 devices. + Local users could exploit this issue to cause a denial of service or + potentially gain elevated privileges. + +CVE-2011-2723 + + Brent Meshier reported an issue in the GRO (generic receive offload) + implementation. This can be exploited by remote users to create a denial of + service (system crash) in certain network device configurations. + +CVE-2011-2905 + + Christian Ohm discovered that the 'perf' analysis tool searches for its + config files in the current working directory. This could lead to denial of + service or potential privilege escalation if a user with elevated privileges + is tricked into running 'perf' in a directory under the control of the + attacker. + +CVE-2011-2909 + + Vasiliy Kulikov of Openwall discovered that a programming error in + the Comedi driver could lead to the information disclosure through + leaked stack memory. + +CVE-2011-2918 + + Vince Weaver discovered that incorrect handling of software event overflows + in the 'perf' analysis tool could lead to local denial of service. + +CVE-2011-2928 + + Timo Warns discovered that insufficient validation of Be filesystem images + could lead to local denial of service if a malformed filesystem image is + mounted. + +CVE-2011-3188 + + Dan Kaminsky reported a weakness of the sequence number generation in the + TCP protocol implementation. This can be used by remote attackers to inject + packets into an active session. + +CVE-2011-3191 + + Darren Lavender reported an issue in the Common Internet File System (CIFS). + A malicious file server could cause memory corruption leading to a denial of + service. + +This update also includes a fix for a regression introduced with the previous +security fix for CVE-2011-1768 (Debian: #633738) + +For the stable distribution (squeeze), this problem has been fixed in version +2.6.32-35squeeze1. Updates for issues impacting the oldstable distribution +(lenny) will be available soon. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 6.0 (squeeze) + user-mode-linux 2.6.32-1um-4+35squeeze1 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org + -- cgit v1.2.3