On Mon, Apr 16, 2001 at 02:08:20AM +0200, Wichert Akkerman ([EMAIL PROTECTED]) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-047-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Wichert Akkerman
> April 16, 2001
> - ------------------------------------------------------------------------
>
>
> Package : various kernel packages
> Problem type : multiple
> Debian-specific: no
>
> The kernels used in Debian GNU/Linux 2.2 have been found to have
> multiple security problems. This is a list of problems based
> on the 2.2.19 release notes as found on http://www.linux.org.uk/ :
>
> * binfmt_misc used user pages directly
> * the CPIA driver had an off-by-one error in the buffer code which made
>   it possible for users to write into kernel memory
> * the CPUID and MSR drivers had a problem in the module unloading code
>   which could cause a system crash if they were set to automatically load
>   and unload (please note that Debian does not automatically unload kernel
>   modules)
> * There was a possible hang in the classifier code
> * The getsockopt and setsockopt system calls did not handle sign bits
>   correctly which made a local DoS and other attacks possible
> * The sysctl system call did not handle sign bits correctly which allowed
>   a user to write in kernel memory
> * ptrace/exec races that could give a local user extra privileges
> * possible abuse of a boundary case in the sockfilter code
> * SYSV shared memory code could overwrite recently freed memory which might
>   cause problems
> * The packet length checks in the masquerading code were a bit lax
>   (probably not exploitable)
> * Some x86 assembly bugs caused the wrong number of bytes to be copied.
> * A local user could deadlock the kernel due to bugs in the UDP port
>   allocation.
>
> All these problems are fixed in the 2.2.19 kernel, and it is highly
> recommended that you upgrade machines to this kernel.

Does anyone know:

- If these problems affected other 2.2.x kernels?
- If they affected user-compiled kernels?

Thanks.

Cheers.

-- 
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org