--------------------------------------------------------------------------
Debian Security Advisory DSA XXX-1                     security@debian.org
http://www.debian.org/security/                               Dann Frazier
XXXXX Xth, 2007                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : kernel-source-2.6.8
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2005-4811 CVE-2006-4814 CVE-2006-4623 CVE-2006-5753
                 CVE-2006-5754 CVE-2006-5757 CVE-2006-6053 CVE-2006-6056
                 CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958
                 CVE-2007-1357 CVE-2007-1592

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. 

This update also fixes a regression in the smbfs subsystem which was introduced
in DSA-1233.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2005-4811

    David Gibson reported an issue in the hugepage code which could permit
    a local DoS (system crash) on appropriately configured systems.

CVE-2006-4814

    Doug Chapman discovered a potential local DoS (deadlock) in the mincore
    function caused by improper lock handling.

CVE-2006-4623

    Ang Way Chuang reported a remote DoS (crash) in the dvb driver which
    can be triggered by a ULE package with an SNDU length of 0.

CVE-2006-5753

    Eric Sandeen provided a fix for a local memory corruption vulnerability
    resulting from a misinterpretation of return values when operating on
    inodes which have been marked bad.

CVE-2006-5754

    Darrick Wong discovered a local DoS (crash) vulnerability resulting from
    the incorrect initialization of "nr_pages" in aio_setup_ring().

CVE-2006-5757

    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted iso9660 filesystem.

CVE-2006-6053

    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted ext3 filesystem.

CVE-2006-6056

    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted hfs filesystem on
    systems with SELinux hooks enabled (Debian does not enable SELinux by
    default).

CVE-2006-6060

    LMH reported a potential local DoS (infinie loop) which could be exploited
    by a malicious user with the privileges to mount and read a corrupted NTFS
    filesystem.

CVE-2006-6106

    Marcel Holtman discovered multiple buffer overflows in the Bluetooth
    subsystem which can be used to trigger a remote DoS (crash) and potentially
    execute arbitray code.

CVE-2006-6535

    Kostantin Khorenko discovered an invalid error path in dev_queue_xmit()
    which could be exploited by a local user to cause data corruption.

CVE-2007-0958

    Santosh Eraniose reported a vulnerability that allows local users to read
    otherwise unreadable files by triggering a core dump while using PT_INTERP.
    This is related to CVE-2004-1073.

CVE-2007-1357

    Jean Delvare reported a vulnerability in the appletalk subsystem.
    Systems with the appletalk module loaded can be triggered to crash
    by other systems on the local network via a malformed frame.

CVE-2007-1592

    Masayuki Nakagawa discovered that flow labels were inadvertently
    being shared between listening sockets and child sockets. This defect
    can be exploited by local users to cause a DoS (Oops).

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                 Debian 3.1 (sarge)
     Source                      2.6.8-16sarge7
     Alpha architecture          2.6.8-16sarge7
     AMD64 architecture          2.6.8-16sarge7
     HP Precision architecture   2.6.8-6sarge7
     Intel IA-32 architecture    2.6.8-16sarge7
     Intel IA-64 architecture    2.6.8-14sarge7
     Motorola 680x0 architecture 2.6.8-4sarge7
     PowerPC architecture        2.6.8-12sarge7
     IBM S/390 architecture      2.6.8-5sarge7
     Sun Sparc architecture      2.6.8-15sarge7

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>