blob: 544b0410d93077079d82d9495672efd4023d952d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
Subject: New Linux kernel 2.4.27 packages fix several issues
--------------------------------------------------------------------------
Debian Security Advisory DSA XXX-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
XXXXX 8th, 2005 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : kernel-source-2.4.27
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE ID : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063
CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2004-2731
infamous41md reported multiple integer overflows in the Sbus PROM
driver that would allow for a DoS (Denial of Service) attack by a
local user, and possibly the execution of arbitrary code.
CVE-2006-4814
Doug Chapman discovered a potential local DoS (deadlock) in the mincore
function caused by improper lock handling.
CVE-2006-5753
Eric Sandeen provided a fix for a local memory corruption vulnerability
resulting from a misinterpretation of return values when operating on
inodes which have been marked bad.
CVE-2006-5823
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted cramfs filesystem.
CVE-2006-6053
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext3 filesystem.
CVE-2006-6054
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext2 filesystem.
CVE-2006-6106
Marcel Holtman discovered multiple buffer overflows in the Bluetooth
subsystem which can be used to trigger a remote DoS (crash) and potentially
execute arbitray code.
CVE-2007-1353
Ilja van Sprundel discovered that kernel memory could be leaked via the
Bluetooth setsockopt call due to an uninitialized stack buffer. This
could be used by local attackers to read the contents of sensitive kernel
memory.
CVE-2007-1592
Masayuki Nakagawa discovered that flow labels were inadvertently
being shared between listening sockets and child sockets. This defect
can be exploited by local users to cause a DoS (Oops).
CVE-2007-2172
Thomas Graf reported a typo in the DECnet protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
A similar issue exists in the IPV4 protocol handler and will be fixed
in a subsequent update.
CVE-2007-2525
Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.
CVE-2007-3848
Wojciech Purczynski discovered that pdeath_signal was not being reset
properly under certain conditions which may allow local users to gain
privileges by sending arbitrary signals to suid binaries.
CVE-2007-4308
Alan Cox reported an issue in the aacraid driver that allows unprivileged
local users to make ioctl calls which should be restricted to admin
privileges.
CVE-2007-4311
PaX team discovered an issue in the random driver where a defect in the
reseeding code leads to a reduction in entropy.
CVE-2007-5093
Alex Smith discovered an issue with the pwc driver for certain webcam
devices. If the device is removed while a userspace application has it
open, the driver will wait for userspace to close the device, resulting
in a blocked USB subsystem. This issue is of low security impact as
it requires the attacker to either have physical access to the system
or to convince a user with local access to remove the device on their
behalf.
CVE-2007-6063
Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl
handling, exploitable by a local user.
CVE-2007-6151
ADLAB discovered a possible memory overrun in the ISDN subsystem that
may permit a local user to overwrite kernel memory leading by issuing
ioctls with unterminated data.
CVE-2007-6206
Blake Frantz discovered that when a core file owned by a non-root user
exists, and a root-owned process dumps core over it, the core file
retains its original ownership. This could be used by a local user to
gain access to sensitive information.
CVE-2007-6694
Cyrill Gorcunov reported a NULL pointer dereference in code specific
to the CHRP PowerPC platforms. Local users could exploit this issue
to achieve a Denial of Service (DoS).
CVE-2008-0007
Nick Piggin of SuSE discovered a number of issues in subsystems which
register a fault handler for memory mapped areas. This issue can be
exploited by local users to achieve a Denial of Service (DoS) and possibly
execute arbitrary code.
The following matrix explains which kernel version for which architecture
fix the problems mentioned above:
Debian 3.1 (sarge)
Source 2.4.27-10sarge6
Alpha architecture 2.4.27-10sarge6
ARM architecture 2.4.27-2sarge6
Intel IA-32 architecture 2.4.27-10sarge6
Intel IA-64 architecture 2.4.27-10sarge6
Motorola 680x0 architecture 2.4.27-3sarge6
Big endian MIPS 2.4.27-10.sarge4.040815-3
Little endian MIPS 2.4.27-10.sarge4.040815-3
PowerPC architecture 2.4.27-10sarge6
IBM S/390 architecture 2.4.27-2sarge6
Sun Sparc architecture 2.4.27-9sarge6
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 3.1 (sarge)
fai-kernels XXX
kernel-image-2.4.27-speakup XXX
mindi-kernel XXX
systemimager XXX
We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
--------------------------------
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
|