summaryrefslogtreecommitdiffstats
path: root/dsa-texts/2.4.27-10sarge3
blob: 4be83011af0f1bacde97c86654fdb19dda3abed6 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
Subject: New Linux kernel 2.4.27 packages fix several issues

--------------------------------------------------------------------------
Debian Security Advisory DSA XXX-1                     security@debian.org
http://www.debian.org/security/                   Dann Frazier, Troy Heber
XXXXX 8th, 2005                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : kernel-source-2.4.27
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2006-0038 CVE-2006-0039 CVE-2006-0741 CVE-2006-0742
                 CVE-2006-1056 CVE-2006-1242 CVE-2006-1343 CVE-2006-1368
                 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858
                 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274
Debian Bug     : 

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-0038

    "Solar Designer" discovered that arithmetic computations in netfilter's
    do_replace() function can lead to a buffer overflow and the execution of
    arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,
    which is only an issue in virtualization systems or fine grained access
    control systems.

CVE-2006-0039

    "Solar Designer" discovered a race condition in netfilter's
    do_add_counters() function, which allows information disclosure of
    kernel memory by exploiting a race condition. Like CVE-2006-0038,
    it requires CAP_NET_ADMIN privileges.

CVE-2006-0741

    Intel EM64T systems were discovered to be susceptible to a local
    DoS due to an endless recursive fault related to a bad ELF entry
    address.

CVE-2006-0742

    Alan and Gareth discovered that the ia64 platform had an
    incorrectly declared die_if_kernel() function as "does never
    return" which could be exploited by a local attacker resulting in
    a kernel crash.

CVE-2006-1056

    AMD64 machines (and other 7th and 8th generation AuthenticAMD
    processors) were found to be vulnerable to sensitive information
    leakage, due to how they handle saving and restoring the FOP, FIP,
    and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
    pending. This allows a process to determine portions of the state
    of floating point instructions of other processes.

CVE-2006-1242

    Marco Ivaldi discovered that there was an unintended information
    disclosure allowing remote attackers to bypass protections against
    Idle Scans (nmap -sI) by abusing the ID field of IP packets and
    bypassing the zero IP ID in DF packet countermeasure. This was a
    result of the ip_push_pending_frames function improperly
    incremented the IP ID field when sending a RST after receiving
    unsolicited TCP SYN-ACK packets.

CVE-2006-1343

    Pavel Kankovsky reported the existance of a potential information leak
    resulting from the failure to initialize sin.sin_zero in the IPv4 socket
    code.

CVE-2006-1368

    Shaun Tancheff discovered a buffer overflow (boundry condition
    error) in the USB Gadget RNDIS implementation allowing remote
    attackers to cause a DoS. While creating a reply message, the
    driver allocated memory for the reply data, but not for the reply
    structure. The kernel fails to properly bounds-check user-supplied
    data before copying it to an insufficiently sized memory
    buffer. Attackers could crash the system, or possibly execute
    arbitrary machine code.

CVE-2006-1524

    Hugh Dickins discovered an issue in the madvise_remove function wherein
    file and mmap restrictions are not followed, allowing local users to
    bypass IPC permissions and replace portions of readonly tmpfs files with
    zeroes.

CVE-2006-1525

    Alexandra Kossovsky reported a NULL pointer dereference condition in
    ip_route_input() that can be triggered by a local user by requesting
    a route for a multicast IP address, resulting in a denial of service
    (panic).

CVE-2006-1857

    Vlad Yasevich reported a data validation issue in the SCTP subsystem
    that may allow a remote user to overflow a buffer using a badly formatted
    HB-ACK chunk, resulting in a denial of service.

CVE-2006-1858

    Vlad Yasevich reported a bug in the bounds checking code in the SCTP
    subsystem that may allow a remote attacker to trigger a denial of service
    attack when rounded parameter lengths are used to calculate parameter
    lengths instead of the actual values.

CVE-2006-1864

    Mark Mosely discovered that chroots residing on an SMB share can be
    escaped with specially crafted "cd" sequences.

CVE-2006-2271

    The "Mu security team" discovered that carefully crafted ECNE chunks can
    cause a kernel crash by accessing incorrect state stable entries in the
    SCTP networking subsystem, which allows denial of service.

CVE-2006-2272

    The "Mu security team" discovered that fragmented SCTP control
    chunks can trigger kernel panics, which allows for denial of
    service attacks.

CVE-2006-2274

    It was discovered that SCTP packets with two initial bundled data
    packets can lead to infinite recursion, which allows for denial of
    service attacks.



The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                 Debian 3.1 (sarge)
     Source                      2.4.27-10sarge3
     Alpha architecture          2.4.27-10sarge3
     ARM architecture            2.4.27-2sarge3
     Intel IA-32 architecture    2.4.27-10sarge3
     Intel IA-64 architecture    2.4.27-10sarge3
     Motorola 680x0 architecture 2.4.27-3sarge3
     Big endian MIPS             2.4.27-10.sarge3.040815-1
     Little endian MIPS          2.4.27-10.sarge3.040815-1
     PowerPC architecture        2.4.27-10sarge3
     IBM S/390 architecture      2.4.27-2sarge3
     Sun Sparc architecture      2.4.27-9sarge3

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 3.1 (sarge)
     fai-kernels                 1.9.1sarge2
     kernel-image-2.4.27-speakup 2.4.27-1.1sarge2
     mindi-kernel                2.4.27-2sarge2
     systemimager                3.2.3-6sarge2

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

© 2014-2024 Faster IT GmbH | imprint | privacy policy