1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
----------------------------------------------------------------------
Debian Security Advisory DSA-XXXX-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
February XX, 2010 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410
CVE-2010-0415 CVE-2010-0622
NOTE: This kernel update marks the final planned kernel security
update for the 2.6.24 kernel in the Debian release 'etch'.
Although security support for 'etch' officially ended on
Feburary 15th, 2010, this update was already in preparation
before that date.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2691
Steve Beattie and Kees Cook reported an information leak in the
maps and smaps files available under /proc. Local users maybe
able to read this data for setuid processes while the ELF binary
is being loaded.
CVE-2009-2695
Eric Paris provided several fixes to increase the protection
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.
CVE-2009-3080
Dave Jones reported an issue in the gdth SCSI driver. A missing
check for negative offsets in an ioctl call could be exploited by
local users to create a denial of service or potentially gain
elevated privileges.
CVE-2009-3726
Trond Myklebust reported an issue where a malicious NFS server
could cause a denial of service condition on its clients by
returning incorrect attributes during an open call.
CVE-2009-3889
Joe Malicki discovered an issue in the megaraid_sas driver.
Insufficient permissions on the sysfs dbg_lvl interface allow
local users to modify the debug logging behavior.
CVE-2009-4005
Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
driver for Colognechip HFC-S USB chip. A potential read overflow
exists which may allow remote users to cause a denial of service
condition (oops).
CVE-2009-4020
Amerigo Wang discovered an issue in the HFS filesystem that would
allow a denial of service by a local user who has sufficient
privileges to mount a specially crafted filesystem.
CVE-2009-4021
Anana V. Avati discovered an issue in the fuse subsystem. If the
system is sufficiently low on memory, a local user can cause the
kernel to dereference an invalid pointer resulting in a denial of
service (oops) and potentially an escalation of privileges.
CVE-2009-4138
Jay Fenlason discovered an issue in the firewire stack that allows
local users to cause a denial of service (oops or crash) by making
a specially crafted ioctl call.
CVE-2009-4308
Ted Ts'o discovered an issue in the ext4 filesystem that allows
local users to cause a denial of service (NULL pointer dereference).
For this to be exploitable, the local user must have sufficient
privileges to mount a filesystem.
CVE-2009-4536 & CVE-2009-4538
Fabian Yamaguchi reported issues in the e1000 and e1000e drivers
for Intel gigabit network adapters which allow remote users to
bypass packet filters using specially crafted ethernet frames.
CVE-2010-0003
Andi Kleen reported a defect which allows local users to gain read
access to memory reachable by the kernel when the
print-fatal-signals option is enabled. This option is disabled by
default.
CVE-2010-0007
Florian Westphal reported a lack of capability checking in the
ebtables netfilter subsystem. If the ebtables module is loaded,
local users can add and modify ebtables rules.
CVE-2010-0291
Al Viro reported several issues with the mmap/mremap system calls
that allow local users to cause a denial of service (system panic)
or obtain elevated privileges.
CVE-2010-0410
Sebastian Krahmer discovered an issue in the netlink connector
subsystem that permits local users to allocate large amounts of
system memory resulting in a denial of service (out of memory).
CVE-2010-0415
Ramon de Carvalho Valle discovered an issue in the sys_move_pages
interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
Local users can exploit this issue to cause a denial of service
(system crash) or gain access to sensitive kernel memory.
CVE-2010-0622
Jermome Marchand reported an issue in the futex subsystem that
allows a local user to force an invalid futex state which results
in a denial of service (oops).
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.9etch3.
We recommend that you upgrade your linux-2.6.24 packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
These changes will probably be included in the oldstable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
|