dsa-texts/2.4.27-10sarge2


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

Subject: New Linux kernel 2.4.27 packages fix several issues

--------------------------------------------------------------------------
Debian Security Advisory DSA XXX-1                     security@debian.org
http://www.debian.org/security/                 Dann Frazier, Simon Horman
XXXXX 8th, 2005                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : kernel-source-2.4.27
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618
Debian Bug     : 

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2004-0887

    Martin Schwidefsky discovered that the privileged instruction SACF (Set
    Address Space Control Fast) on the S/390 platform is not handled properly, 
    allowing for a local user to gain root privileges.

CVE-2004-1058

    A race condition allows for a local user to read the environment variables
    of another process that is still spawning through /proc/.../cmdline.

CVE-2004-2607

    A numeric casting discrepancy in sdla_xfer allows local users to read
    portions of kernel memory via a large len argument which is received as an
    int but cast to a short, preventing read loop from filling a buffer.

CVE-2005-0449
    
    An error in the skb_checksum_help() function from the netfilter framework
    has been discovered that allows the bypass of packet filter rules or
    a denial of service attack.

CVE-2005-1761

    A vulnerability in the ptrace subsystem of the IA-64 architecture can 
    allow local attackers to overwrite kernel memory and crash the kernel.

CVE-2005-2457

    Tim Yamin discovered that insufficient input validation in the compressed
    ISO file system (zisofs) allows a denial of service attack through
    maliciously crafted ISO images.

CVE-2005-2555

    Herbert Xu discovered that the setsockopt() function was not restricted to
    users/processes with the CAP_NET_ADMIN capability. This allows attackers to
    manipulate IPSEC policies or initiate a denial of service attack. 

CVE-2005-2709

    Al Viro discovered a race condition in the /proc handling of network devices.
    A (local) attacker could exploit the stale reference after interface shutdown
    to cause a denial of service or possibly execute code in kernel mode.

CVE-2005-2973
 
    Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code
    can be forced into an endless loop, which allows a denial of service attack.

CVE-2005-3257

    Rudolf Polzer discovered that the kernel improperly restricts access to the
    KDSKBSENT ioctl, which can possibly lead to privilege escalation.

CVE-2005-3783

    The ptrace code using CLONE_THREAD didn't use the thread group ID to
    determine whether the caller is attaching to itself, which allows a denial
    of service attack.

CVE-2005-3806

    Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,
    which could lead to memory corruption and denial of service.

CVE-2005-3848

    Ollie Wild discovered a memory leak in the icmp_push_reply() function, which
    allows denial of service through memory consumption.

CVE-2005-3857

    Chris Wright discovered that excessive allocation of broken file lock leases
    in the VFS layer can exhaust memory and fill up the system logging, which allows
    denial of service.

CVE-2005-3858

    Patrick McHardy discovered a memory leak in the ip6_input_finish() function from
    the IPv6 code, which allows denial of service.

CVE-2005-4618

    Yi Ying discovered that sysctl does not properly enforce the size of a
    buffer, which allows a denial of service attack.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                     Debian 3.1 (sarge)
     Source                          2.4.27-10sarge2
     Alpha architecture              2.4.27-10sarge2
     ARM architecture                2.4.27-2sarge2
     Intel IA-32 architecture        2.4.27-10sarge2
     Intel IA-64 architecture        2.4.27-10sarge2
     Motorola 680x0 architecture     2.4.27-3sarge2
     Big endian MIPS architecture    2.4.27-10.sarge1.040815-2
     Little endian MIPS architecture 2.4.27-10.sarge1.040815-2
     PowerPC architecture            2.4.27-10sarge2
     IBM S/390 architecture          2.4.27-2sarge2
     Sun Sparc architecture          2.4.27-9sarge2

The following matrix lists additional packages that were rebuilt for
compatability with or to take advantage of this update:

                                     Debian 3.1 (sarge)
     kernel-latest-2.4-alpha         101sarge1
     kernel-latest-2.4-i386          101sarge1
     kernel-latest-2.4-s390          2.4.27-1sarge1
     kernel-latest-2.4-sparc         42sarge1
     kernel-latest-powerpc           102sarge1
     fai-kernels                     1.9.1sarge1
     i2c                             1:2.9.1-1sarge1
     kernel-image-speakup-i386       2.4.27-1.1sasrge1
     lm-sensors                      1:2.9.1-1sarge3
     mindi-kernel                    2.4.27-2sarge1
     pcmcia-modules-2.4.27-i386      3.2.5+2sarge1
     systemimager                    3.2.3-6sarge1

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>