1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
<title>Debian testing security team - Advisory</title>
<link type="text/css" rel="stylesheet" href="../style.css">
<link rel="shortcut icon" href="http://www.debian.org/favicon.ico">
</head>
<body>
<div align="center">
<a href="http://www.debian.org/">
<img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a>
<a href="http://www.debian.org/">
<img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a>
</div>
<br />
<table class="reddy" width="100%">
<tr>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0"
alt="" width="15" height="16"></td>
<td rowspan="2" class="reddy">Debian testing security team - Advisory</td>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0"
alt="" width="16" height="16"></td>
</tr>
<tr>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0"
alt="" width="16" height="16"></td>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0"
alt="" width="15" height="16"></td>
</tr>
</table>
<!-- header -->
<h2>DTSA-16-1</h2>
<dl>
<dt>Date Reported:</dt>
<dd>September 15, 2005</dd>
<dt>Affected Package:</dt>
<dd><a href='http://packages.debian.org/src:linux-2.6'>linux-2.6</a></dd>
<dt>Vulnerability:</dt>
<dd>several holes</dd>
<dt>Problem-Scope:</dt>
<dd>remote</dd>
<dt>Debian-specific:</dt>
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098'>CVE-2005-2098</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099'>CVE-2005-2099</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456'>CVE-2005-2456</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2617'>CVE-2005-2617</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913'>CVE-2005-1913</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457'>CVE-2005-2457</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458'>CVE-2005-2458</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459'>CVE-2005-2459</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548'>CVE-2005-2548</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2302'>CVE-2004-2302</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1765'>CVE-2005-1765</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762'>CVE-2005-1762</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555'>CVE-2005-2555</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Several security related problems have been found in version 2.6 of the <br>
linux kernel. The Common Vulnerabilities and Exposures project identifies <br>
the following problems: <br>
<br>
CVE-2004-2302 <br>
<br>
Race condition in the sysfs_read_file and sysfs_write_file functions in <br>
Linux kernel before 2.6.10 allows local users to read kernel memory and <br>
cause a denial of service (crash) via large offsets in sysfs files. <br>
<br>
CVE-2005-1761 <br>
<br>
Vulnerability in the Linux kernel allows local users to cause a <br>
denial of service (kernel crash) via ptrace. <br>
<br>
CVE-2005-1762 <br>
<br>
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 <br>
platform allows local users to cause a denial of service (kernel crash) via <br>
a "non-canonical" address. <br>
<br>
CVE-2005-1765 <br>
<br>
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when <br>
running in 32-bit compatibility mode, allows local users to cause a denial <br>
of service (kernel hang) via crafted arguments. <br>
<br>
CVE-2005-1913 <br>
<br>
When a non group-leader thread called exec() to execute a different program <br>
while an itimer was pending, the timer expiry would signal the old group <br>
leader task, which did not exist any more. This caused a kernel panic. <br>
<br>
CVE-2005-2098 <br>
<br>
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before <br>
2.6.12.5 contains an error path that does not properly release the session <br>
management semaphore, which allows local users or remote attackers to cause <br>
a denial of service (semaphore hang) via a new session keyring (1) with an <br>
empty name string, (2) with a long name string, (3) with the key quota <br>
reached, or (4) ENOMEM. <br>
<br>
CVE-2005-2099 <br>
<br>
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that <br>
is not instantiated properly, which allows local users or remote attackers <br>
to cause a denial of service (kernel oops) via a keyring with a payload <br>
that is not empty, which causes the creation to fail, leading to a null <br>
dereference in the keyring destructor. <br>
<br>
CVE-2005-2456 <br>
<br>
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c <br>
in Linux kernel 2.6 allows local users to cause a denial of service (oops <br>
or deadlock) and possibly execute arbitrary code via a p->dir value that is <br>
larger than XFRM_POLICY_OUT, which is used as an index in the <br>
sock->sk_policy array. <br>
<br>
CVE-2005-2457 <br>
<br>
The driver for compressed ISO file systems (zisofs) in the Linux kernel <br>
before 2.6.12.5 allows local users and remote attackers to cause a denial <br>
of service (kernel crash) via a crafted compressed ISO file system. <br>
<br>
CVE-2005-2458 <br>
<br>
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows <br>
remote attackers to cause a denial of service (kernel crash) via a <br>
compressed file with "improper tables". <br>
<br>
CVE-2005-2459 <br>
<br>
The huft_build function in inflate.c in the zlib routines in the Linux <br>
kernel before 2.6.12.5 returns the wrong value, which allows remote <br>
attackers to cause a denial of service (kernel crash) via a certain <br>
compressed file that leads to a null pointer dereference, a different <br>
vulnerbility than CVE-2005-2458. <br>
<br>
CVE-2005-2548 <br>
<br>
vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial <br>
of service (kernel oops from null dereference) via certain UDP packets that <br>
lead to a function call with the wrong argument, as demonstrated using <br>
snmpwalk on snmpd. <br>
<br>
CVE-2005-2555 <br>
<br>
Linux kernel 2.6.x does not properly restrict socket policy access to users <br>
with the CAP_NET_ADMIN capability, which could allow local users to conduct <br>
unauthorized activities via (1) ipv4/ip_sockglue.c and (2) <br>
ipv6/ipv6_sockglue.c. <br>
<br>
CVE-2005-2617 <br>
<br>
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 <br>
and later, on the amd64 architecture, does not check the return value of <br>
the insert_vm_struct function, which allows local users to trigger a memory <br>
leak via a 32-bit application with crafted ELF headers. <br>
<br>
In addition this update fixes some security issues that have not been <br>
assigned CVE ids: <br>
<br>
- Fix DST leak in icmp_push_reply(). Possible remote DoS? <br>
<br>
- NPTL signal delivery deadlock fix; possible local DoS. <br>
<br>
- fix a memory leak in devices seq_file implementation; local DoS. <br>
<br>
- Fix SKB leak in ip6_input_finish(); local DoS. <br>
</dd>
<br><dt>For the testing distribution (etch) this is fixed in version 2.6.12-6</dt>
<dt>For the unstable distribution (sid) this is fixed in version 2.6.12-6</dt>
</dl>
<p>
The Debian testing security team does not track security issues for the
stable (sarge) and oldstable (woody) distributions. If stable is vulnerable,
the Debian security team will make an announcement once a fix is ready.
</p>
<p>
Your system does not need to be configured to use the Debian testing security
archive to install this update. The fixed kernel packages are available
in the regular Debian testing archive.
</p>
<p>
To install the update, first run this command as root:
</p>
<p>
apt-get update
</p>
<p>
Next, install an appropriate kernel package for your architecture and
machine. The following kernel will work for all i386 machines:
</p>
<p>
apt-get install linux-image-2.6-386
</p>
<p>
However, you may prefer to install an optimised kernel for your machine:
</p>
<p>
apt-get install linux-image-2.6-686<br>
apt-get install linux-image-2.6-686-smp<br>
apt-get install linux-image-2.6-k7<br>
apt-get install linux-image-2.6-k7-smp<br>
</p>
<p>
For the amd64 architecture, chose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-amd64-generic<br>
apt-get install linux-image-2.6-amd64-k8<br>
apt-get install linux-image-2.6-amd64-k8-smp<br>
</p>
<p>
For the powerpc architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-powerpc<br>
apt-get install linux-image-2.6-powerpc-smp<br>
apt-get install linux-image-2.6-powerpc64<br>
</p>
<p>
For the sparc architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-sparc64<br>
apt-get install linux-image-2.6-sparc64-smp<br>
</p>
<p>
(Note that users of 32 bit sparc systems are no longer supported by the
2.6 kernel.)
</p>
<p>
For the alpha architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-alpha-generic<br>
apt-get install linux-image-2.6-alpha-smp<br>
</p>
<p>
For the ia64 architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-itanium<br>
apt-get install linux-image-2.6-itanium-smp<br>
apt-get install linux-image-2.6-mckinley<br>
apt-get install linux-image-2.6-mckinley-smp<br>
</p>
<p>
For the hppa architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-parisc<br>
apt-get install linux-image-2.6-parisc-smp<br>
apt-get install linux-image-2.6-parisc64<br>
apt-get install linux-image-2.6-parisc64-smp<br>
</p>
<p>
For the s390 architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-s390<br>
apt-get install linux-image-2.6-s390x<br>
</p>
<p>
For the arm architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-footbridge<br>
apt-get install linux-image-2.6-ixp4xx<br>
apt-get install linux-image-2.6-rpc<br>
apt-get install linux-image-2.6-s3c2410<br>
</p>
<p>
For the m68k architecture, choose one of these kernels:
</p>
<p>
apt-get install linux-image-2.6-amiga<br>
apt-get install linux-image-2.6-atari<br>
apt-get install linux-image-2.6-bvme6000<br>
apt-get install linux-image-2.6-hp<br>
apt-get install linux-image-2.6-mac<br>
apt-get install linux-image-2.6-mvme147<br>
apt-get install linux-image-2.6-mvme16x<br>
apt-get install linux-image-2.6-q40<br>
apt-get install linux-image-2.6-sun3<br>
</p>
<p>
Updated kernels are not yet available for the mips and mipsel
architectures.
</p>
<p>
Note that you may also need to upgrade third-party modules that are not
included in the kernel package.
</p>
<p>
Finally, reboot the system, taking care to boot the new 2.6.12 kernel with
your bootloader.
<br>
<!-- footer -->
<hr>
<a href="http://validator.w3.org/check?uri=referer">
<img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer">
<img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"
height="31" width="88"></a>
</body></html>
|
