Subject: New Linux kernel 2.4.27 packages fix several issues -------------------------------------------------------------------------- Debian Security Advisory DSA XXX-1 security@debian.org http://www.debian.org/security/ Dann Frazier XXXXX 8th, 2005 http://www.debian.org/security/faq -------------------------------------------------------------------------- Package : kernel-source-2.4.27 Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE ID : CVE-2005-4798 CVE-2006-2935 CVE-2006-1528 CVE-2006-2444 CVE-2006-2446 CVE-2006-3745 CVE-2006-4535 CVE-2006-4145 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4798 Assar discovered a buffer overlow in the NFS readlink handling code that would allows a malicious remote server to cause a denail of service (crash) using a long symlink. CVE-2006-2935 Diego Calleja Garcia discovered a potential buffer overflow in the dvd_read_bca() function that could allow aribrary code execution via a malicious CDROM device CVE-2006-1528 Douglas Gilbert reported a bug in the sg driver that allows local users to oops the kernel by performing dio transfers from the sg driver to memory mapped IO space. CVE-2006-2444 Patrick McHardy reported a memory corruption bug in snmp_trap_decode that could be used by remote attackers to crash a system. CVE-2006-2446 A race between the kfree_skb and __skb_unlink functions allows remote users to crash a system. CVE-2006-3745 Wei Wang discovered a vulnerability in the SCTP subsystem that can be exploited for local privilege escalation. CVE-2006-4145 Colin discovered a bug in the UDF filesystem that allows local users to hang a system when truncating files. CVE-2006-4535 David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system using via an SCTP socket with a certain SO_LINGER value. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.1 (sarge) Source 2.4.27-10sarge4 Alpha architecture 2.4.27-10sarge4 ARM architecture 2.4.27-2sarge4 Intel IA-32 architecture 2.4.27-10sarge4 Intel IA-64 architecture 2.4.27-10sarge4 Motorola 680x0 architecture 2.4.27-3sarge4 Big endian MIPS 2.4.27-10.sarge4.040815-1 Little endian MIPS 2.4.27-10.sarge4.040815-1 PowerPC architecture 2.4.27-10sarge4 IBM S/390 architecture 2.4.27-2sarge4 Sun Sparc architecture 2.4.27-9sarge4 The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update: Debian 3.1 (sarge) fai-kernels 1.9.1sarge4 kernel-image-2.4.27-speakup 2.4.27-1.1sarge3 mindi-kernel 2.4.27-2sarge3 systemimager 3.2.3-6sarge3 We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. Upgrade Instructions -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge -------------------------------- These files will probably be moved into the stable distribution on its next update. --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/