diff options
author | dann frazier <dannf@debian.org> | 2007-10-03 02:03:09 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2007-10-03 02:03:09 +0000 |
commit | d5a357e61c804f2c3a48bfce9327a1d9fb33149b (patch) | |
tree | c5856875c5d56be5b33af69dd9abab622d0768d3 /dsa-texts/2.6.18.dfsg.1-13etch4 | |
parent | 792fcaf84e719e4b9d7f5386ea3f316cf8afd6c3 (diff) |
new dsa text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@985 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.18.dfsg.1-13etch4')
-rw-r--r-- | dsa-texts/2.6.18.dfsg.1-13etch4 | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/dsa-texts/2.6.18.dfsg.1-13etch4 b/dsa-texts/2.6.18.dfsg.1-13etch4 new file mode 100644 index 000000000..6a5a2a163 --- /dev/null +++ b/dsa-texts/2.6.18.dfsg.1-13etch4 @@ -0,0 +1,162 @@ +-------------------------------------------------------------------------- +Debian Security Advisory DSA 1381-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +October 2nd, 2007 http://www.debian.org/security/faq +-------------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : several +Problem-Type : local +Debian-specific: no +CVE ID : CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093 + +Several local vulnerabilities have been discovered in the Linux kernel +that may lead to a denial of service or the execution of arbitrary +code. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2006-5755 + + The NT bit maybe leaked into the next task which can local attackers + to cause a Denial of Service (crash) on systems which run the 'amd64' + flavour kernel. The stable distribution ('etch') was not believed to + be vulnerable to this issue at the time of release, however Bastian + Blank discovered that this issue still applied to the 'xen-amd64' and + 'xen-vserver-amd64' flavours that is resolved by this DSA. + +CVE-2007-4133 + + Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs. + A misconversion of hugetlb_vmtruncate_list to prio_tree may allow + local users to trigger a BUG_ON() call in exit_mmap. + +CVE-2007-4573 + + Wojciech Purczynski discovered a vulnerability that can be exploitd + by a local user to obtain superuser privileges on x86_64 systems. + This resulted from improper clearing of the high bits of registers + during ia32 system call emulation. This vulnerability is relevant + to the Debian amd64 port as well as users of the i386 port who run + the amd64 linux-image flavour. + + DSA-1378 resolved this problem for the 'amd64' flavour kernels, but + Tim Wickberg and Ralf HemmenstÃdt reported an outstanding issue with + the 'xen-amd64' and 'xen-vserver-amd64' issues that is resolved by + this DSA. + +CVE-2007-5093 + + Alex Smith discovered an issue with the pwc driver for certain webcam + devices. If the device is removed while a userspace application has it + open, the driver will wait for userspace to close the device, resulting + in a blocked USB subsystem. This issue is of low security impact as + it requires the attacker to either have physical access to the system + or to convince a user with local access to remove the device on their + behalf. + +These problems have been fixed in the stable distribution in version +2.6.18.dfsg.1-13etch4. + +At the time of this DSA, only the build for the amd64 architecture is +available. Due to the severity of the amd64-specific issues, we are +releasing an incomplete update. This advisory will be updated once +other architecture builds become available. + +We recommend that you upgrade your kernel package immediately and reboot +the machine. If you have built a custom kernel from the kernel source +package, you will need to rebuild to take advantage of these fixes. + +Upgrade Instructions +-------------------- + +wget url + will fetch the file for you +dpkg -i file.deb + will install the referenced file. + +If you are using the apt-get package manager, use the line for +sources.list as given below: + +apt-get update + will update the internal database +apt-get upgrade + will install corrected packages + +You may use an automated update by adding the resources from the +footer to the proper configuration. + + +Debian GNU/Linux 4.0 alias etch +-------------------------------- + + Source archives: + + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch4.dsc + Size/MD5 checksum: 5672 37f70bdc04b866a5dbcaa8f849be618a + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch4.diff.gz + Size/MD5 checksum: 5321790 7bc41f428b95ef6fe99361ca8854e6da + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz + Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060 + + Architecture independent components: + + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch4_all.deb + Size/MD5 checksum: 3586640 3bd5240a2610896cc497c62eb88b155c + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch4_all.deb + Size/MD5 checksum: 1083674 f8c4bf0032e87733d2ee3f2f1f739f9d + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch4_all.deb + Size/MD5 checksum: 1499612 10c0c285c4183493633f2b29f6036d14 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch4_all.deb + Size/MD5 checksum: 41419632 8ced68949f94c78c5fc992deebdf1c85 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch4_all.deb + Size/MD5 checksum: 3739000 f73b86b37f56ab817c341c43bd4cf8fe + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch4_all.deb + Size/MD5 checksum: 51982 4593b4bbf1f423b1d6e426602243defd + + AMD64 architecture: + + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 3165218 4f4764c3aef1f9e11201852b94467850 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 51516 a90387023090038a122da75482b981fd + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 51542 cb132c34f0684e6a7b1facc9432ecca2 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 269088 d3d721166785a2acfc475b8a87eb7de0 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 3188578 58346ab81a8dae1bbff87412b9d071a8 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 269454 ef04a599ceb19d37a544cd6f95000138 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 3331732 8b0e214847656f1fb6b2d35396db36a7 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 269772 1d3f9740c35d4510c6612bb645b1ef79 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 3354462 30fce94ecaa6650c7eb3307e76ad47d9 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 270790 4cd241518cb91e87bbcc62c09117accc + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 16800532 5cd7846a71c94945df71cf67b3d9f254 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 16840344 d264466281d7596876f18427dc7dad37 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 1648548 ff22e2a8c3f269295231b2b24289a892 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 1679922 f7061df614029b187d6883902b2053b7 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 15239984 c8de0964da37ad0d13a7c0b1a8dbe927 + http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 15257046 7fbf51b2580cdf39314d5cae996f8059 + http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 51500 d813a622add08eb6ca03f118af21e6c0 + http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb + Size/MD5 checksum: 51514 9f3b1193357e2b448f653e3dd8cac1ac + + These files will probably be moved into the stable distribution on + its next update. + +--------------------------------------------------------------------------------- +For apt-get: deb http://security.debian.org/ etch/updates main +For dpkg-ftp: ftp://security.debian.org/debian-security dists/etch/updates/main +Mailing list: debian-security-announce@lists.debian.org +Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> |