----------------------------------------------------------------------
Debian Security Advisory DSA-XXXX-1                security@debian.org
http://www.debian.org/security/                           dann frazier
November XX, 2010                   http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
            CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
            CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
            CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859
            CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876
            CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
            CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
            CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2010-2963
Kees Cook discovered an issue in the v4l 32-bit compatibility layer for
64-bit systems that allows local users with /dev/video write permission to
overwrite arbitrary kernel memory, potentially leading to a privilege
escalation. On Debian systems, access to /dev/video devices is restricted to
members of the 'video' group by default.
CVE-2010-3067
Tavis Ormandy discovered an issue in the io_submit system call. Local
users can cause an integer overflow resulting in a denial of service.
CVE-2010-3296
Dan Rosenberg discovered an issue in the cxgb network driver that allows
unprivileged users to obtain the contents of sensitive kernel memory.
CVE-2010-3297
Dan Rosenberg discovered an issue in the eql network driver that allows
local users to obtain the contents of sensitive kernel memory.
CVE-2010-3310
Dan Rosenberg discovered an issue in the ROSE socket implementation. On
systems with a rose device, local users can cause a denial of service
(kernel memory corruption).
CVE-2010-3432
Thomas Dreibholz discovered an issue in the SCTP protocol that permits
a remote user to cause a denial of service (kernel panic).
CVE-2010-3437
Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
permission to open /dev/pktcdvd/control can obtain the contents of
sensitive kernel memory or cause a denial of service. By default on
Debian systems, this access is restricted to members of the group 'cdrom'.
CVE-2010-3442
Dan Rosenberg discovered an issue in the ALSA sound system. Local users
with permission to open /dev/snd/controlC0 can create an integer overflow
condition that causes a denial of service. By default on Debian systems,
this access is restricted to members of the group 'audio'.
CVE-2010-3448
Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
Thinkpad systems, local users can cause a denial of service (X.org crash)
by reading /proc/acpi/ibm/video.
CVE-2010-3477
Jeff Mahoney discovered an issue in the Traffic Policing (act_police)
module that allows local users to obtain the contents of sensitive kernel
memory.
CVE-2010-3705
Dan Rosenberg reported an issue in the HMAC processing code in the SCTP
protocol that allows remote users to create a denial of service (memory
corruption).
CVE-2010-3848
Nelson Elhage discovered an issue in the Econet protocol. Local users can
cause a stack overflow condition with large msg->msg_iovlen values that
can result in a denial of service or privilege escalation.
CVE-2010-3849
Nelson Elhage discovered an issue in the Econet protocol. Local users can
cause a denial of service (oops) if a NULL remote addr value is passed
as a parameter to sendmsg().
CVE-2010-3850
Nelson Elhage of Ksplice discovered an issue in the Econet protocol. Local
users can assign econet addresses to arbitrary interfaces due to a missing
capabilities check.
CVE-2010-3858
Brad Spengler reported an issue in the setup_arg_pages() function. Due to
a bounds-checking failure, local users can create a denial of service
(kernel oops).
CVE-2010-3859
Dan Rosenberg reported an issue in the TIPC protocol. When the tipc
module is loaded, local users can gain elevated privileges via the
sendmsg() system call.
CVE-2010-3873
Dan Rosenberg reported an issue in the X.25 network protocol. Local users
can cause heap corruption, resulting in a denial of service (kernel panic).
CVE-2010-3874
Dan Rosenberg discovered an issue in the Control Area Network (CAN)
subsystem on 64-bit systems. Local users may be able to cause a denial of
service (heap corruption).
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users
can obtain the contents of sensitive kernel memory.
CVE-2010-3876
Vasiliy Kulikov discovered an issue in the Packet protocol. Local users
can obtain the contents of sensitive kernel memory.
CVE-2010-3877
Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users
can obtain the contents of sensitive kernel memory.
CVE-2010-3880
Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users
can cause the kernel to execute unaudited INET_DIAG bytecode, resulting
in a denial of service.
CVE-2010-4072
Kees Cook discovered an issue in the System V shared memory subsystem.
Local users can obtain the contents of sensitive kernel memory.
CVE-2010-4073
Dan Rosenberg discovered an issue in the System V shared memory subsystem.
Local users on 64-bit systems can obtain the contents of sensitive kernel
memory via the 32-bit compatible semctl() system call.
CVE-2010-4074
Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB
serial converter devices. Local users with access to these devices can
obtain the contents of sensitive kernel memory.
CVE-2010-4078
Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics
chipsets (sisfb). Local users with access to the framebuffer device can
obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.
CVE-2010-4079
Dan Rosenberg reported an issue in the ivtvfb driver used for the
Hauppauge PVR-350 card. Local users with access to the framebuffer
device can obtain the contents of sensitive kernel memory via the
FBIOGET_VBLANK ioctl.
CVE-2010-4080
Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
DSP audio devices. Local users with access to the audio device can
obtain the contents of sensitive kernel memory via the
SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
CVE-2010-4081
Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
DSP MADI audio devices. Local users with access to the audio device can
obtain the contents of sensitive kernel memory via the
SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
CVE-2010-4083
Dan Rosenberg discovered an issue in the semctl system call. Local users
can obtain the contents of sensitive kernel memory through usage of the
semid_ds structure.
CVE-2010-4164
Dan Rosenberg discovered an issue in the X.25 network protocol. Remote users
can achieve a denial of service (infinite loop) by taking advantage of an
integer underflow in the facility parsing code.
For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-26lenny1.
We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.
The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:
Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny1
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
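
For hosts that cannot be upgraded immediately, the following added example (not part of the advisory) lists which of the drivers and modules named in the CVE descriptions above are currently loaded, so the exposed entries can be prioritised. The function name, the lookup table and the sample input are constructed for illustration; entries the advisory describes only by protocol or subsystem are left out of the table.

```shell
#!/bin/sh
# Added example, not part of the advisory: list loaded kernel modules that the
# advisory text names, together with the CVE ids it attaches to them.

# Driver/module names as spelled in the advisory ('-' appears as '_' in
# /proc/modules). Entries described only by protocol or subsystem are omitted.
ADVISORY_MODULES='eql CVE-2010-3297
pktcdvd CVE-2010-3437
thinkpad_acpi CVE-2010-3448
act_police CVE-2010-3477
tipc CVE-2010-3859,CVE-2010-3877
mos7720 CVE-2010-4074
mos7840 CVE-2010-4074
sisfb CVE-2010-4078
ivtvfb CVE-2010-4079'

# affected_modules FILE
# FILE uses the /proc/modules layout: module name in the first field.
# Prints "module CVE[,CVE...]" for every table entry that is loaded.
affected_modules() {
    printf '%s\n' "$ADVISORY_MODULES" | awk -v mods="$1" '
        BEGIN {
            # Read the module list first; a missing or empty file yields no hits.
            while ((getline line < mods) > 0) {
                split(line, f, " ")
                loaded[f[1]] = 1
            }
        }
        ($1 in loaded) { print $1, $2 }'
}

# Constructed sample in /proc/modules format (sizes and addresses are made up).
sample_modules() {
    cat <<'EOF'
tipc 91072 0 - Live 0xffffffffa0123000
ext3 106518 1 - Live 0xffffffffa00f0000
thinkpad_acpi 54000 0 - Live 0xffffffffa0200000
EOF
}

# Demo on the sample; pass /proc/modules instead to check a live host.
demo=$(mktemp)
sample_modules > "$demo"
affected_modules "$demo"
rm -f "$demo"
```

A module that is not loaded may still be loadable on demand, so an empty result narrows the triage but does not replace the upgrade.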
Debian GNU/Linux 5.0 alias lenny
--------------------------------
Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel,
powerpc, and sparc. Updates for other architectures will be released as they
become available.
Source archives:
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>