[Full-disclosure] [SECURITY] [DSA 2766-1] linux-2.6 security update

2013-09-28 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2766-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
September 27, 2013  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232
 CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851
 CVE-2013-2852 CVE-2013-2888 CVE-2013-2892

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-2141

Emese Revfy provided a fix for an information leak in the tkill and
tgkill system calls. A local user on a 64-bit system may be able to
gain access to sensitive memory contents.

CVE-2013-2164

Jonathan Salwan reported an information leak in the CD-ROM driver. A
local user on a system with a malfunctioning CD-ROM drive could gain
access to sensitive memory.

CVE-2013-2206

Karl Heiss reported an issue in the Linux SCTP implementation. A remote
user could cause a denial of service (system crash).

CVE-2013-2232

Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6
subsystem. Local users could cause a denial of service by using an
AF_INET6 socket to connect to an IPv4 destination.

CVE-2013-2234

Mathias Krause reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2237

Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2239

Jonathan Salwan discovered multiple memory leaks in the openvz kernel
flavor. Local users could gain access to sensitive kernel memory.

CVE-2013-2851

Kees Cook reported an issue in the block subsystem. Local users with
uid 0 could gain elevated ring 0 privileges. This is only a security
issue for certain specially configured systems.

CVE-2013-2852

Kees Cook reported an issue in the b43 network driver for certain Broadcom
wireless devices. Local users with uid 0 could gain elevated ring 0 
privileges. This is only a security issue for certain specially configured
systems.

CVE-2013-2888

Kees Cook reported an issue in the HID driver subsystem. A local user,
with the ability to attach a device, could cause a denial of service
(system crash).

CVE-2013-2892

Kees Cook reported an issue in the pantherlord HID device driver. Local
users with the ability to attach a device could cause a denial of service
or possibly gain elevated privileges.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze4.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)
 user-mode-linux 2.6.32-1um-4+48squeeze4

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)


[Full-disclosure] [SECURITY] [DSA 2745-1] linux security update

2013-08-29 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2745-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
August 28, 2013 http://www.debian.org/security/faq
- --

Package: linux
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2013-1059 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232
 CVE-2013-2234 CVE-2013-2237 CVE-2013-2851 CVE-2013-2852
 CVE-2013-4162 CVE-2013-4163
Debian Bug : 701744

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-1059

Chanam Park reported an issue in the Ceph distributed storage system.
Remote users can cause a denial of service by sending a specially crafted
auth_reply message.

CVE-2013-2148

Dan Carpenter reported an information leak in the filesystem wide access
notification subsystem (fanotify). Local users could gain access to
sensitive kernel memory.

CVE-2013-2164

Jonathan Salwan reported an information leak in the CD-ROM driver. A
local user on a system with a malfunctioning CD-ROM drive could gain
access to sensitive memory.

CVE-2013-2232

Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6
subsystem. Local users could cause a denial of service by using an
AF_INET6 socket to connect to an IPv4 destination.

CVE-2013-2234

Mathias Krause reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2237

Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2851

Kees Cook reported an issue in the block subsystem. Local users with
uid 0 could gain elevated ring 0 privileges. This is only a security
issue for certain specially configured systems.

CVE-2013-2852

Kees Cook reported an issue in the b43 network driver for certain Broadcom
wireless devices. Local users with uid 0 could gain elevated ring 0 
privileges. This is only a security issue for certain specially configured
systems.

CVE-2013-4162

Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem.
Local users can cause a denial of service (system crash).

CVE-2013-4163

Dave Jones reported an issue in the IPv6 networking subsystem. Local
users can cause a denial of service (system crash).

This update also includes a fix for a regression in the Xen subsystem.

For the stable distribution (wheezy), these problems have been fixed in version
3.2.46-1+deb7u1.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 7.0 (wheezy)
 user-mode-linux 3.2-2um-1+deb7u2

We recommend that you upgrade your linux and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)
-END PGP SIGNATURE-


[Full-disclosure] [SECURITY] [DSA 2669-1] linux security update

2013-05-16 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2669-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
May 15, 2013   http://www.debian.org/security/faq
- --

Package: linux
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
 CVE-2013-3235 CVE-2013-3301

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-0160

vladz reported a timing leak with the /dev/ptmx character device. A local
user could use this to determine sensitive information such as password
length.

CVE-2013-1796

Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could corrupt kernel memory, resulting in a
denial of service.

CVE-2013-1929

Oded Horovitz and Brad Spengler reported an issue in the device driver for
Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
untrusted devices can create an overflow condition, resulting in a denial
of service or elevated privileges.

CVE-2013-1979

Andy Lutomirski reported an issue in the socket level control message
processing subsystem. Local users may be able to gain elevated privileges.

CVE-2013-2015

Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
users with the ability to mount a specially crafted filesystem can cause
a denial of service (infinite loop).

CVE-2013-2094

Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds
access vulnerability allows local users to gain elevated privileges.

CVE-2013-3076

Mathias Krauss discovered an issue in the userspace interface for hash
algorithms. Local users can gain access to sensitive kernel memory.

CVE-2013-3222

Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3223

Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3224

Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
can gain access to sensitive kernel memory.

CVE-2013-3225

Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3227

Mathias Krauss discovered an issue in the Communication CPU to Application
CPU Interface (CAIF). Local users can gain access to sensitive kernel
memory.

CVE-2013-3228

Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3229

Mathias Krauss discovered an issue in the IUCV support on s390 systems.
Local users can gain access to sensitive kernel memory.

CVE-2013-3231

Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3234

Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3235

Mathias Krauss discovered an issue in the Transparent Inter Process
Communication (TIPC) protocol support. Local users can gain access to
sensitive kernel memory.

CVE-2013-3301

Namhyung Kim reported an issue in the tracing subsystem. A privileged
local user could cause a denial of service (system crash). This
vulnerability is not applicable to Debian systems by default.

For the stable distribution (wheezy), this problem has been fixed in version
3.2.41-2+deb7u1.

Note: Updates are currently available for the amd64, i386, ia64, s390, s390x
and sparc architectures. Updates for the remaining architectures will be
released as they become available.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 7.0 (wheezy)
 user-mode-linux 3.2-2um-1+deb7u1

We recommend that you upgrade your linux and user-mode-linux packages.

Note: D

[Full-disclosure] [SECURITY] [DSA 2668-1] linux-2.6 security update

2013-05-15 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2668-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
May 14, 2013   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
 CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
 CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
 CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-2121

Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
mapping of memory slots used in KVM device assignment. Local users with
the ability to assign devices could cause a denial of service due to a
memory page leak.

CVE-2012-3552

Hafid Lin reported an issue in the IP networking subsystem. A remote user
can cause a denial of service (system crash) on servers running
applications that set options on sockets which are actively being
processed.

CVE-2012-4461

Jon Howell reported a denial of service issue in the KVM subsystem.
On systems that do not support the XSAVE feature, local users with
access to the /dev/kvm interface can cause a system crash.

CVE-2012-4508

Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
filesystem. Local users could gain access to sensitive kernel memory.

CVE-2012-6537

Mathias Krause discovered information leak issues in the Transformation
user configuration interface. Local users with the CAP_NET_ADMIN capability
can gain access to sensitive kernel memory.

CVE-2012-6539

Mathias Krause discovered an issue in the networking subsystem. Local
users on 64-bit systems can gain access to sensitive kernel memory.

CVE-2012-6540

Mathias Krause discovered an issue in the Linux virtual server subsystem.
Local users can gain access to sensitive kernel memory. Note: this issue
does not affect Debian provided kernels, but may affect custom kernels
built from Debian's linux-source-2.6.32 package.

CVE-2012-6542

Mathias Krause discovered an issue in the LLC protocol support code.
Local users can gain access to sensitive kernel memory.

CVE-2012-6544

Mathias Krause discovered issues in the Bluetooth subsystem.
Local users can gain access to sensitive kernel memory.

CVE-2012-6545

Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2012-6546

Mathias Krause discovered issues in the ATM networking support. Local
users can gain access to sensitive kernel memory.

CVE-2012-6548

Mathias Krause discovered an issue in the UDF file system support.
Local users can obtain access to sensitive kernel memory.

CVE-2012-6549

Mathias Krause discovered an issue in the isofs file system support.
Local users can obtain access to sensitive kernel memory.

CVE-2013-0349

Anderson Lizardo discovered an issue in the Bluetooth Human Interface
Device Protocol (HIDP) stack. Local users can obtain access to sensitive
kernel memory.

CVE-2013-0914

Emese Revfy discovered an issue in the signal implementation. Local
users may be able to bypass the address space layout randomization (ASLR)
facility due to a leaking of information to child processes.

CVE-2013-1767

Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
Local users with sufficient privilege to mount filesystems can cause
a denial of service or possibly elevated privileges due to a use-after-
free defect.

CVE-2013-1773

Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
facility used by the VFAT filesystem. A local user could cause a buffer
overflow condition, resulting in a denial of service or potentially
elevated privileges.

CVE-2013-1774

Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
in the driver for some serial USB

[Full-disclosure] [SECURITY] [DSA 2632-1] linux-2.6 security update

2013-02-27 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2632-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
February 25, 2013   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2013-0231 CVE-2013-0871

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2013-0231

Jan Beulich provided a fix for an issue in the Xen PCI backend drivers.
Users of guests on a system using passed-through PCI devices can create
a denial of service of the host system due to the use of non-ratelimited
kernel log messages.

CVE-2013-0871

Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin
and Michael Davidson of Google, discovered an issue in the
ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users
can cause kernel stack corruption and execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-48squeeze1.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)
 user-mode-linux 2.6.32-1um-4+48squeeze1

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Thanks to Micah Anderson for proof reading this text.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [SECURITY] [DSA 2469-1] linux-2.6 security update

2012-05-10 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2469-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
May 10, 2012   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2011-4086 CVE-2012-0879 CVE-2012-1601 CVE-2012-2123
 CVE-2012-2133

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-4086

Eric Sandeen reported an issue in the journaling layer for EXT4 filesystems
(jbd2). Local users can cause buffers to be accessed after they have been
torn down, resulting in a denial of service (DoS) due to a system crash.

CVE-2012-0879

Louis Rilling reported two reference counting issues in the CLONE_IO
feature of the kernel. Local users can prevent io context structures
from being freed, resulting in a denial of service.

CVE-2012-1601

Michael Ellerman reported an issue in the KVM subsystem. Local users could
cause a denial of service (NULL pointer dereference) by creating VCPUs
before a call to KVM_CREATE_IRQCHIP.

CVE-2012-2123

Steve Grubb reported an issue in fcaps, a filesystem-based capabilities
system. Personality flags set using this mechanism, such as the disabling
of address space randomization, may persist across suid calls.

CVE-2012-2133

Shachar Raindel discovered a use-after-free bug in the hugepages
quota implementation. Local users with permission to use hugepages
via the hugetlbfs implementation may be able to cause a denial of
service (system crash).

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-44. Updates are currently only available for the amd64, i386 and sparc
ports.

NOTE: Updated linux-2.6 packages will also be made available in the release
of Debian 6.0.5, scheduled to take place the weekend of 2012.05.12. This
pending update will be version 2.6.32-45, and provides an additional fix for
build failures on some architectures. Users for whom this update is not
critical, and who may wish to avoid multiple reboots, should consider waiting
for the 6.0.5 release before updating, or installing the 2.6.32-45 version
ahead of time from proposed-updates.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)
 user-mode-linux 2.6.32-1um-4+44

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA 2443-1] linux-2.6 security update

2012-03-27 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2443-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
March 26, 2012  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-4307 CVE-2011-1833 CVE-2011-4347 CVE-2012-0045
 CVE-2012-1090 CVE-2012-1097

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-4307

Nageswara R Sastry reported an issue in the ext4 filesystem. Local users
with the privileges to mount a filesystem can cause a denial of service
(BUG) by providing a s_log_groups_per_flex value greater than 31.

CVE-2011-1833

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information
leak in the eCryptfs filesystem. Local users were able to mount arbitrary
directories.

CVE-2011-4347

Sasha Levin reported an issue in the device assignment functionality in
KVM. Local users with permission to access /dev/kvm could assign unused pci
devices to a guest and cause a denial of service (crash).

CVE-2012-0045

Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest
running on a 64-bit system can crash the guest with a syscall instruction.

CVE-2012-1090

CAI Qian reported an issue in the CIFS filesystem. A reference count leak
can occur during the lookup of special files, resulting in a denial of
service (oops) on umount.

CVE-2012-1097

H. Peter Anvin reported an issue in the regset infrastructure. Local users
can cause a denial of service (NULL pointer dereference) by triggering the
write methods of readonly regsets.

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-41squeeze2.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)
 user-mode-linux 2.6.32-1um-4+41squeeze2

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Thanks to Micah Anderson for proof reading this text.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA-2393-1] bip security update

2012-01-25 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2393-1   secur...@debian.org
http://www.debian.org/security/  dann frazier
January 25, 2012   http://www.debian.org/security/faq
- -

Package: bip
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-0806 
Debian Bug : 657217

Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy
which may allow arbitrary code execution by remote users.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.2-1squeeze4.

For the testing distribution (wheezy) and the unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your bip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA 2389-1] linux-2.6 security update

2012-01-17 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2389-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
January 15, 2012   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353
 CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611
 CVE-2011-4622 CVE-2011-4914

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-2183

Andrea Righi reported an issue in KSM, a memory-saving de-duplication
feature. By exploiting a race with exiting tasks, local users can cause
a kernel oops, resulting in a denial of service.
 
CVE-2011-2213

Dan Rosenberg discovered an issue in the INET socket monitoring interface.
Local users could cause a denial of service by injecting code and causing
the kernel to execute an infinite loop.

CVE-2011-2898

Eric Dumazet reported an information leak in the raw packet socket
implementation.

CVE-2011-3353

Han-Wen Nienhuys reported a local denial of service issue in the FUSE
(Filesystem in Userspace) support in the linux kernel. Local users could
cause a buffer overflow, leading to a kernel oops and resulting in a denial
of service.

CVE-2011-4077

Carlos Maiolino reported an issue in the XFS filesystem. A local user
with the ability to mount a filesystem could corrupt memory resulting
in a denial of service or possibly gain elevated privileges.

CVE-2011-4110

David Howells reported an issue in the kernel's access key retention
system which allows local users to cause a kernel oops leading to a denial
of service.

CVE-2011-4127

Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough
support for SCSI devices. Users with permission to access restricted
portions of a device (e.g. a partition or a logical volume) can obtain
access to the entire device by way of the SG_IO ioctl. This could be
exploited by a local user or privileged VM guest to achieve a privilege
escalation.

CVE-2011-4611

Maynard Johnson reported an issue with the perf support on POWER7 systems
that allows local users to cause a denial of service.

CVE-2011-4622

Jan Kiszka reported an issue in the KVM PIT timer support. Local users
with the permission to use KVM can cause a denial of service by starting
a PIT timer without first setting up the irqchip.

CVE-2011-4914

Ben Hutchings reported various bounds checking issues within the ROSE
protocol support in the kernel. Remote users could possibly use this
to gain access to sensitive memory or cause a denial of service.

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)
 user-mode-linux 2.6.32-1um-4+39squeeze1

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
-END PGP SIGNATURE-


[Full-disclosure] [SECURITY] [DSA 2310-1] linux-2.6 security update

2011-09-24 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2310-1   secur...@debian.org
http://www.debian.org/security/  dann frazier
September 22, 2011 http://www.debian.org/security/faq
- -

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug : 633738

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak.  The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4067

Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
module, a driver for Auerswald PBX/System Telephone USB devices.  Attackers
with physical access to a system's USB ports could obtain elevated
privileges using a specially crafted USB device.

CVE-2011-0712

Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
module, a USB driver for Native Instruments USB audio devices. Attackers
with physical access to a system's USB ports could obtain elevated
privileges using a specially crafted USB device.

CVE-2011-1020

Kees Cook discovered an issue in the /proc filesystem that allows local
users to gain access to sensitive process information after execution of a
setuid binary.

CVE-2011-2209

Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
alpha architecture. Local users could obtain access to sensitive kernel
memory.

CVE-2011-2211

Dan Rosenberg discovered an issue in the osf_wait4() system call on the
alpha architecture permitting local users to gain elevated privileges.

CVE-2011-2213

Dan Rosenberg discovered an issue in the INET socket monitoring interface.
Local users could cause a denial of service by injecting code and causing
the kernel to execute an infinite loop.

CVE-2011-2484

Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
a process can register is not capped, resulting in local denial of service
through resource exhaustion (cpu time and memory).

CVE-2011-2491

Vasily Averin discovered an issue with the NFS locking implementation.  A
malicious NFS server can cause a client to hang indefinitely in an unlock
call.

CVE-2011-2492

Marek Kroemeke and Filip Palian discovered that uninitialized struct
elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
memory through leaked stack memory.

CVE-2011-2495

Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
directory was world-readable, resulting in local information disclosure of
information such as password lengths.

CVE-2011-2496

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.

CVE-2011-2497

Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
which could lead to denial of service or privilege escalation.

CVE-2011-2525

Ben Pfaff reported an issue in the network scheduling code. A local user
could cause a denial of service (NULL pointer dereference) by sending a
specially crafted netlink message.

CVE-2011-2928

Timo Warns discovered that insufficient validation of Be filesystem images
could lead to local denial of service if a malformed filesystem image is
mounted.

CVE-2011-3188

Dan Kaminsky reported a weakness of the sequence number generation in the
TCP protocol implementation. This can be used by remote attackers to inject
packets into an active session.

CVE-2011-3191

Darren Lavender reported an issue in the Common Internet File System (CIFS).
A malicious file server could cause memory corruption leading to a denial of
service.

This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768 (Debian: #633738)

For the oldstable distribution (lenny), this problem has been fixed in version
2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be
released as soon as possible. Updates for the hppa and ia64 architectures will
be included in the upcoming 5.0.9 point release.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage

[Full-disclosure] [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression

2011-09-11 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2303-2   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
September 10, 2011  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
 CVE-2011-3188 CVE-2011-3191
Debian Bug : 640966

The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 have caused a
regression that can result in an oops during invalid accesses to
/proc//maps files.


The text of the original advisory is reproduced for reference:

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-1020 

Kees Cook discovered an issue in the /proc filesystem that allows local
users to gain access to sensitive process information after execution of a
setuid binary.

CVE-2011-1576 

Ryan Sweat discovered an issue in the VLAN implementation. Local users may
be able to cause a kernel memory leak, resulting in a denial of service.

CVE-2011-2484 

Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
a process can register is not capped, resulting in local denial of service
through resource exhaustion (cpu time and memory).

CVE-2011-2491

Vasily Averin discovered an issue with the NFS locking implementation.  A
malicious NFS server can cause a client to hang indefinitely in an unlock
call.

CVE-2011-2492 

Marek Kroemeke and Filip Palian discovered that uninitialized struct
elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
memory through leaked stack memory.

CVE-2011-2495 

Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
directory was world-readable, resulting in local information disclosure of
information such as password lengths.

CVE-2011-2496 

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.

CVE-2011-2497

Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
which could lead to denial of service or privilege escalation.

CVE-2011-2517 

It was discovered that the netlink-based wireless configuration interface
performed insufficient length validation when parsing SSIDs, resulting in
buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
denial of service.

CVE-2011-2525 

Ben Pfaff reported an issue in the network scheduling code. A local user
could cause a denial of service (NULL pointer dereference) by sending a
specially crafted netlink message.

CVE-2011-2700 

Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
driver for the Si4713 FM Radio Transmitter driver used by N900 devices.
Local users could exploit this issue to cause a denial of service or
potentially gain elevated privileges.

CVE-2011-2723

Brent Meshier reported an issue in the GRO (generic receive offload)
implementation. This can be exploited by remote users to create a denial of
service (system crash) in certain network device configurations.

CVE-2011-2905 

Christian Ohm discovered that the 'perf' analysis tool searches for its
config files in the current working directory. This could lead to denial of
service or potential privilege escalation if a user with elevated privileges
is tricked into running 'perf' in a directory under the control of the
attacker.

CVE-2011-2909 

Vasiliy Kulikov of Openwall discovered that a programming error in
the Comedi driver could lead to information disclosure through
leaked stack memory.

CVE-2011-2918 

Vince Weaver discovered that incorrect handling of software event overflows
in the 'perf' analysis tool could lead to local denial of service.

CVE-2011-2928

Timo Warns discovered that insufficient validation of Be filesystem images
could lead to local denial of service if a malformed filesystem image is
mounted.

CVE-2011-3188 

Dan Kaminsky reported a weakness of the sequence number generation in the
TCP protocol implementation. This can be used by remote attackers to inject
packets into an active session.

[Full-disclosure] [SECURITY] [DSA 2303-1] linux-2.6 security update

2011-09-09 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2303-1   secur...@debian.org
http://www.debian.org/security/   Moritz Muehlenhoff, Dann Frazier
September 8, 2011   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
 CVE-2011-3188 CVE-2011-3191

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-1020 

Kees Cook discovered an issue in the /proc filesystem that allows local
users to gain access to sensitive process information after execution of a
setuid binary.

CVE-2011-1576 

Ryan Sweat discovered an issue in the VLAN implementation. Local users may
be able to cause a kernel memory leak, resulting in a denial of service.

CVE-2011-2484 

Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
a process can register is not capped, resulting in local denial of service
through resource exhaustion (cpu time and memory).

CVE-2011-2491

Vasily Averin discovered an issue with the NFS locking implementation.  A
malicious NFS server can cause a client to hang indefinitely in an unlock
call.

CVE-2011-2492 

Marek Kroemeke and Filip Palian discovered that uninitialized struct
elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
memory through leaked stack memory.

CVE-2011-2495 

Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
directory was world-readable, resulting in local information disclosure of
information such as password lengths.

CVE-2011-2496 

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.

CVE-2011-2497

Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
which could lead to denial of service or privilege escalation.

CVE-2011-2517 

It was discovered that the netlink-based wireless configuration interface
performed insufficient length validation when parsing SSIDs, resulting in
buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
denial of service.

CVE-2011-2525 

Ben Pfaff reported an issue in the network scheduling code. A local user
could cause a denial of service (NULL pointer dereference) by sending a
specially crafted netlink message.

CVE-2011-2700 

Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
driver for the Si4713 FM Radio Transmitter driver used by N900 devices.
Local users could exploit this issue to cause a denial of service or
potentially gain elevated privileges.

CVE-2011-2723

Brent Meshier reported an issue in the GRO (generic receive offload)
implementation. This can be exploited by remote users to create a denial of
service (system crash) in certain network device configurations.

CVE-2011-2905 

Christian Ohm discovered that the 'perf' analysis tool searches for its
config files in the current working directory. This could lead to denial of
service or potential privilege escalation if a user with elevated privileges
is tricked into running 'perf' in a directory under the control of the
attacker.

CVE-2011-2909 

Vasiliy Kulikov of Openwall discovered that a programming error in
the Comedi driver could lead to information disclosure through
leaked stack memory.

CVE-2011-2918 

Vince Weaver discovered that incorrect handling of software event overflows
in the 'perf' analysis tool could lead to local denial of service.

CVE-2011-2928

Timo Warns discovered that insufficient validation of Be filesystem images
could lead to local denial of service if a malformed filesystem image is
mounted.

CVE-2011-3188 

Dan Kaminsky reported a weakness of the sequence number generation in the
TCP protocol implementation. This can be used by remote attackers to inject
packets into an active session.

CVE-2011-3191

Darren Lavender reported an issue in the Common Internet File System (CIFS).
A malicious file server could cause memory corruption leading to a denial of
service.

This update also includes a fix for a regression introd

[Full-disclosure] [SECURITY] [DSA 2264-1] linux-2.6 security update

2011-06-19 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2264-1   secur...@debian.org
http://www.debian.org/security/  dann frazier
June 18, 2011  http://www.debian.org/security/faq
- -

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 
 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 
 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093 
 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171
 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182
 CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593
 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
 CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776
 CVE-2011-2022 CVE-2011-2182
Debian Bug : 618485

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak.  The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-2524

David Howells reported an issue in the Common Internet File System (CIFS).
Local users could cause arbitrary CIFS shares to be mounted by introducing
malicious redirects.

CVE-2010-3875

Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
sensitive kernel memory.

CVE-2010-4075

Dan Rosenberg reported an issue in the tty layer that may allow local
users to obtain access to sensitive kernel memory.

CVE-2010-4655

Kees Cook discovered several issues in the ethtool interface which may
allow local users with the CAP_NET_ADMIN capability to obtain access to
sensitive kernel memory.
   
CVE-2011-0695

Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can
exploit a race condition to cause a denial of service (kernel panic).

CVE-2011-0710

Al Viro reported an issue in the /proc//status interface on the
s390 architecture. Local users could gain access to sensitive memory
in processes they do not own via the task_show_regs entry.

CVE-2011-0711

Dan Rosenberg reported an issue in the XFS filesystem. Local users may
obtain access to sensitive kernel memory.

CVE-2011-0726

Kees Cook reported an issue in the /proc/pid/stat implementation. Local
users could learn the text location of a process, defeating protections
provided by address space layout randomization (ASLR).

CVE-2011-1010

Timo Warns reported an issue in the Linux support for Mac partition tables.
Local users with physical access could cause a denial of service (panic)
by adding a storage device with a malicious map_count value.

CVE-2011-1012

Timo Warns reported an issue in the Linux support for Mac partition tables.
Local users with physical access could cause a denial of service (panic)
by adding a storage device with a malicious map_count value.

CVE-2011-1017
 
Timo Warns reported an issue in the Linux support for LDM partition tables.
Users with physical access can gain access to sensitive kernel memory or
gain elevated privileges by adding a storage device with a specially
crafted LDM partition.

CVE-2011-1078

Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
can obtain access to sensitive kernel memory.

CVE-2011-1079

Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
with the CAP_NET_ADMIN capability can cause a denial of service (kernel
Oops).

CVE-2011-1080

Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users
can obtain access to sensitive kernel memory.

CVE-2011-1090

Neil Horman discovered a memory leak in the setacl() call on NFSv4
filesystems. Local users can exploit this to cause a denial of service
(Oops).

CVE-2011-1093

Johan Hovold reported an issue in the Datagram Congestion Control Protocol
(DCCP) implementation. Remote users could cause a denial of service by
sending data after closing a socket.

CVE-2011-1160

Peter Huewe reported an issue in the Linux kernel's support for TPM security
chips. Local users with permission to open the device can gain access to
sensitive kernel memory.

CVE-2011-1163

Timo Warns reported an issue in the kernel support for Alpha OSF format disk
partitions. Users with physical access can

[Full-disclosure] [SECURITY] [DSA 2240-1] linux-2.6 security update

2011-05-25 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2240-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
May 24, 2011   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170
 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180
 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478
 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746
 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770
 CVE-2011-1776 CVE-2011-2022
Debian Bug(s)  : 
 
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-3875

Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
sensitive kernel memory.

CVE-2011-0695

Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can
exploit a race condition to cause a denial of service (kernel panic).

CVE-2011-0711

Dan Rosenberg reported an issue in the XFS filesystem. Local users may
obtain access to sensitive kernel memory.

CVE-2011-0726

Kees Cook reported an issue in the /proc/pid/stat implementation. Local
users could learn the text location of a process, defeating protections
provided by address space layout randomization (ASLR).

CVE-2011-1016

Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
chips. Local users could pass arbitrary values to video memory and the
graphics translation table, resulting in denial of service or escalated
privileges. On default Debian installations, this is exploitable only by
members of the 'video' group.

CVE-2011-1078

Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
can obtain access to sensitive kernel memory.

CVE-2011-1079

Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
with the CAP_NET_ADMIN capability can cause a denial of service (kernel
Oops).

CVE-2011-1080

Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users
can obtain access to sensitive kernel memory.

CVE-2011-1090

Neil Horman discovered a memory leak in the setacl() call on NFSv4
filesystems. Local users can exploit this to cause a denial of service
(Oops).

CVE-2011-1160

Peter Huewe reported an issue in the Linux kernel's support for TPM security
chips. Local users with permission to open the device can gain access to
sensitive kernel memory.

CVE-2011-1163

Timo Warns reported an issue in the kernel support for Alpha OSF format disk
partitions. Users with physical access can gain access to sensitive kernel
memory by adding a storage device with a specially crafted OSF partition.

CVE-2011-1170

Vasiliy Kulikov reported an issue in the Netfilter arp table
implementation. Local users with the CAP_NET_ADMIN capability can gain
access to sensitive kernel memory.

CVE-2011-1171

Vasiliy Kulikov reported an issue in the Netfilter IP table
implementation. Local users with the CAP_NET_ADMIN capability can gain
access to sensitive kernel memory.

CVE-2011-1172

Vasiliy Kulikov reported an issue in the Netfilter IP6 table
implementation. Local users with the CAP_NET_ADMIN capability can gain
access to sensitive kernel memory.

CVE-2011-1173

Vasiliy Kulikov reported an issue in the Acorn Econet protocol
implementation. Local users can obtain access to sensitive kernel memory on
systems that use this rare hardware.

CVE-2011-1180

Dan Rosenberg reported a buffer overflow in the Information Access Service
of the IrDA protocol, used for Infrared devices. Remote attackers within IR
device range can cause a denial of service or possibly gain elevated
privileges.

CVE-2011-1182

Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
users can generate signals with falsified source pid and uid information.

CVE-2011-1476

Dan Rosenberg reported issues in the Open Sound System MIDI interface that
allow local users to ca

[Full-disclosure] [SECURITY] [DSA 2153-1] linux-2.6 security update

2011-01-31 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- -
Debian Security Advisory DSA-2153-1   secur...@debian.org
http://www.debian.org/security/  dann frazier
January 30, 2011   http://www.debian.org/security/faq
- -

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 
 CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 
 CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 
 CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 
 CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak.  The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-0435

Gleb Natapov reported an issue in the KVM subsystem that allows virtual
machines to cause a denial of service of the host machine by executing mov
to/from DR instructions.

CVE-2010-3699

Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can
cause a denial of service on the host by retaining a leaked reference to a
device. This can result in a zombie domain, xenwatch process hangs, and xm
command failures.

CVE-2010-4158

Dan Rosenberg discovered an issue in the socket filters subsystem, allowing
local unprivileged users to obtain the contents of sensitive kernel memory.

CVE-2010-4162

Dan Rosenberg discovered an overflow issue in the block I/O subsystem that
allows local users to map large numbers of pages, resulting in a denial of
service due to invocation of the out of memory killer.

CVE-2010-4163

Dan Rosenberg discovered an issue in the block I/O subsystem. Due to
improper validation of iov segments, local users can trigger a kernel panic
resulting in a denial of service.

CVE-2010-4242

Alan Cox reported an issue in the Bluetooth subsystem. Local users with
sufficient permission to access HCI UART devices can cause a denial of
service (NULL pointer dereference) due to a missing check for an existing
tty write operation.

CVE-2010-4243

Brad Spengler reported a denial-of-service issue in the kernel memory
accounting system. By passing large argv/envp values to exec, local users
can cause the out of memory killer to kill processes owned by other users.

CVE-2010-4248

Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local
users can cause a denial of service (Oops) due to incorrect assumptions
about thread group leader behavior.

CVE-2010-4249

Vegard Nossum reported an issue with the UNIX socket garbage collector.
Local users can consume all of LOWMEM and decrease system performance by
overloading the system with inflight sockets.

CVE-2010-4258

Nelson Elhage reported an issue in Linux oops handling. Local users may be
able to obtain elevated privileges if they are able to trigger an oops with
a process' fs set to KERNEL_DS.

CVE-2010-4342

Nelson Elhage reported an issue in the econet protocol. Remote attackers can
cause a denial of service by sending an Acorn Universal Networking packet
over UDP.

CVE-2010-4346

Tavis Ormandy discovered an issue in the install_special_mapping routine
which allows local users to bypass the mmap_min_addr security restriction.
Combined with an otherwise low severity local denial of service
vulnerability (NULL pointer dereference), a local user could obtain elevated
privileges.

CVE-2010-4526

Eugene Teo reported a race condition in the Linux SCTP implementation.
Remote users can cause a denial of service (kernel memory corruption) by
transmitting an ICMP unreachable message to a locked socket.

CVE-2010-4527

Dan Rosenberg reported two issues in the OSS soundcard driver. Local users
with access to the device (members of group 'audio' on default Debian
installations) may obtain access to sensitive kernel memory or cause a
buffer overflow, potentially leading to an escalation of privileges.

CVE-2010-4529

Dan Rosenberg reported an issue in the Linux kernel IrDA socket
implementation on non-x86 architectures. Local users may be able to gain
access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES
getsockopt call.

CVE-2010-4565

Dan Rosenberg reported an issue in the Linux CAN protocol implementation.
Local users can obtain the address of a kernel heap object which might help
facilitate system exploitation.

CVE-201

[Full-disclosure] [SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues

2010-11-27 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

- --
Debian Security Advisory DSA-2126-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
November 26, 2010   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
 CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
 CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
 CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859
 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876
 CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
 CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
 CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
Debian Bug(s)  :
 
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak.  The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-2963

Kees Cook discovered an issue in the v4l 32-bit compatibility layer for
64-bit systems that allows local users with /dev/video write permission to
overwrite arbitrary kernel memory, potentially leading to a privilege
escalation. On Debian systems, access to /dev/video devices is restricted to
members of the 'video' group by default.

CVE-2010-3067

Tavis Ormandy discovered an issue in the io_submit system call. Local users
can cause an integer overflow resulting in a denial of service.

CVE-2010-3296

Dan Rosenberg discovered an issue in the cxgb network driver that allows
unprivileged users to obtain the contents of sensitive kernel memory.

CVE-2010-3297

Dan Rosenberg discovered an issue in the eql network driver that allows
local users to obtain the contents of sensitive kernel memory.

CVE-2010-3310

Dan Rosenberg discovered an issue in the ROSE socket implementation. On
systems with a rose device, local users can cause a denial of service
(kernel memory corruption).

CVE-2010-3432

Thomas Dreibholz discovered an issue in the SCTP protocol that permits a
remote user to cause a denial of service (kernel panic).

CVE-2010-3437

Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
permission to open /dev/pktcdvd/control can obtain the contents of sensitive
kernel memory or cause a denial of service. By default on Debian systems,
this access is restricted to members of the group 'cdrom'.

CVE-2010-3442

Dan Rosenberg discovered an issue in the ALSA sound system. Local users with
permission to open /dev/snd/controlC0 can create an integer overflow
condition that causes a denial of service. By default on Debian systems,
this access is restricted to members of the group 'audio'.

CVE-2010-3448

Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
Thinkpad systems, local users can cause a denial of service (X.org crash) by
reading /proc/acpi/ibm/video.

CVE-2010-3477

Jeff Mahoney discovered an issue in the Traffic Policing (act_police) module
that allows local users to obtain the contents of sensitive kernel memory.

CVE-2010-3705

Dan Rosenberg reported an issue in the HMAC processing code in the SCTP
protocol that allows remote users to create a denial of service (memory
corruption).

CVE-2010-3848

Nelson Elhage discovered an issue in the Econet protocol. Local users can
cause a stack overflow condition with large msg->msgiovlen values that can
result in a denial of service or privilege escalation.

CVE-2010-3849

Nelson Elhage discovered an issue in the Econet protocol. Local users can
cause a denial of service (oops) if a NULL remote addr value is passed as a
parameter to sendmsg().

CVE-2010-3850

Nelson Elhage discovered an issue in the Econet protocol. Local users can
assign econet addresses to arbitrary interfaces due to a missing
capabilities check.

CVE-2010-3858

Brad Spengler reported an issue in the setup_arg_pages() function. Due to a
bounds-checking failure, local users can create a denial of service (kernel
oops).

CVE-2010-3859

Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module
is loaded, local users can gain elevated privileges via the sendmsg() system
call.

CVE-2010-3873

Dan Rosenberg reported an issue in the X.25 network protocol. Local users
can cause heap corruption, resulting in a denial of service (kerne

[Full-disclosure] [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues

2010-09-17 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2110-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
September 17, 2010  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080
 CVE-2010-3081
Debian Bug(s)  :
 
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-2492

Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
overflow condition may allow local users to cause a denial of service
or gain elevated privileges.

CVE-2010-2954

Tavis Ormandy reported an issue in the irda subsystem which may allow
local users to cause a denial of service via a NULL pointer dereference.

CVE-2010-3078

Dan Rosenberg discovered an issue in the XFS file system that allows
local users to read potentially sensitive kernel memory.

CVE-2010-3080

Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
(by default on Debian, this is members of the 'audio' group) can
cause a denial of service via a NULL pointer dereference.

CVE-2010-3081

Ben Hawkes discovered an issue in the 32-bit compatibility code
for 64-bit systems. Local users can gain elevated privileges due
to insufficient checks in compat_alloc_user_space allocations.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-25lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+25lenny1

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel,
powerpc, and sparc. Updates for other architectures will be released as they
become available.


[Full-disclosure] [SECURITY] [DSA 2094-1] New Linux 2.6.26 packages fix several issues

2010-08-20 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2094-1                secur...@debian.org
http://www.debian.org/security/   dann frazier
August 19, 2010 http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-4895 CVE-2010-2226 CVE-2010-2240 CVE-2010-2248
 CVE-2010-2521 CVE-2010-2798 CVE-2010-2803 CVE-2010-2959
 CVE-2010-3015
Debian Bug(s)  : 589179
 
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4895

Kyle Bader reported an issue in the tty subsystem that allows local
users to create a denial of service (NULL pointer dereference).

CVE-2010-2226

Dan Rosenberg reported an issue in the xfs filesystem that allows local
users to copy and read a file owned by another user, for which they
only have write permissions, due to a lack of permission checking in the
XFS_SWAPEXT ioctl.

CVE-2010-2240

Rafal Wojtczuk reported an issue that allows users to obtain escalated
privileges. Users must already have sufficient privileges to execute or
connect clients to an Xorg server.

CVE-2010-2248

Suresh Jayaraman discovered an issue in the CIFS filesystem. A malicious
file server can set an incorrect "CountHigh" value, resulting in a
denial of service (BUG_ON() assertion).

CVE-2010-2521

Neil Brown reported an issue in the NFSv4 server code. A malicious client
could trigger a denial of service (Oops) on a server due to a bug in
the read_buf() routine.

CVE-2010-2798

Bob Peterson reported an issue in the GFS2 file system. A file system
user could cause a denial of service (Oops) via certain rename
operations.

CVE-2010-2803

Kees Cook reported an issue in the DRM (Direct Rendering Manager)
subsystem. Local users with sufficient privileges (local X users
or members of the 'video' group on a default Debian install) could
acquire access to sensitive kernel memory.

CVE-2010-2959

Ben Hawkes discovered an issue in the AF_CAN socket family. An integer
overflow condition may allow local users to obtain elevated privileges.

CVE-2010-3015

Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users
could trigger a denial of service (BUG assertion) by generating a specific
set of filesystem operations.

This update also includes a fix for a regression introduced by a previous
update. See the referenced Debian bug page for details.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-24lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+24lenny1

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel, 
powerpc, s390 and sparc.
Updates for arm and mips will be released as they become available.


[Full-disclosure] [SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues

2010-05-25 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2053-1                secur...@debian.org
http://www.debian.org/security/   dann frazier
May 25, 2010                    http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-4537 CVE-2010-0727 CVE-2010-1083 CVE-2010-1084
 CVE-2010-1086 CVE-2010-1087 CVE-2010-1088 CVE-2010-1162
 CVE-2010-1173 CVE-2010-1187 CVE-2010-1437 CVE-2010-1446
 CVE-2010-1451
Debian Bug(s)  : 573071
 
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4537

Fabian Yamaguchi reported a missing check for Ethernet frames larger
than the MTU in the r8169 driver. This may allow users on the local
network to crash a system, resulting in a denial of service.

CVE-2010-0727

Sachin Prabhu reported an issue in the GFS2 filesystem. Local users
can trigger a BUG() altering the permissions on a locked file,
resulting in a denial of service.

CVE-2010-1083

Linus Torvalds reported an issue in the USB subsystem, which may allow
local users to obtain portions of sensitive kernel memory.

CVE-2010-1084

Neil Brown reported an issue in the Bluetooth subsystem that may
permit remote attackers to overwrite memory through the creation
of large numbers of sockets, resulting in a denial of service.

CVE-2010-1086

Ang Way Chuang reported an issue in the DVB subsystem for Digital
TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote
attacker could cause the receiver to enter an endless loop, resulting
in a denial of service.

CVE-2010-1087

Trond Myklebust reported an issue in the NFS filesystem. A local
user may cause an oops by sending a fatal signal during a file
truncation operation, resulting in a denial of service.

CVE-2010-1088

Al Viro reported an issue where automount symlinks may not
be followed when LOOKUP_FOLLOW is not set. This has an unknown
security impact.

CVE-2010-1162

Catalin Marinas reported an issue in the tty subsystem that allows
local attackers to cause a kernel memory leak, possibly resulting
in a denial of service.

CVE-2010-1173

Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from
Codenomicon Ltd reported an issue in the SCTP subsystem that allows
a remote attacker to cause a denial of service using a malformed init
package.

CVE-2010-1187

Neil Horman reported an issue in the TIPC subsystem. Local users can
cause a denial of service by way of a NULL pointer dereference by
sending datagrams through AF_TIPC before entering network mode.

CVE-2010-1437

Toshiyuki Okajima reported a race condition in the keyring subsystem.
Local users can cause memory corruption via keyctl commands that
access a keyring in the process of being deleted, resulting in a
denial of service.

CVE-2010-1446

Wufei reported an issue with kgdb on the PowerPC architecture,
allowing local users to write to kernel memory. Note: this issue
does not affect binary kernels provided by Debian. The fix is
provided for the benefit of users who build their own kernels
from Debian source.

CVE-2010-1451

Brad Spengler reported an issue on the SPARC architecture that allows
local users to execute non-executable pages.

This update also includes a fix for a regression introduced by a previous
update. See the referenced Debian bug page for details.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-22lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+22lenny1

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel

[Full-disclosure] [SECURITY] [DSA 2012-1] New Linux 2.6.26 packages fix several issues

2010-03-12 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2012-1                secur...@debian.org
http://www.debian.org/security/   dann frazier
March 11, 2010  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-3725 CVE-2010-0622
Debian Bug(s)  : 568561 570554
 
Two vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3725

Philipp Reisner reported an issue in the connector subsystem
which allows unprivileged users to send netlink packets. This
allows local users to manipulate settings for uvesafb devices
which are normally reserved for privileged users.

CVE-2010-0622

Jerome Marchand reported an issue in the futex subsystem that
allows a local user to force an invalid futex state which results
in a denial of service (oops).

This update also includes fixes for regressions introduced by previous
updates. See the referenced Debian bug pages for details.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-21lenny4.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+21lenny4

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

2010-03-11 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-2010  secur...@debian.org
http://www.debian.org/security/ Dann Frazier
March 10, 2010   http://www.debian.org/security/faq
- 

Package: kvm
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2010-0298 CVE-2010-0306 CVE-2010-0309 CVE-2010-0419

Several local vulnerabilities have been discovered in kvm, a full
virtualization system. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2010-0298 & CVE-2010-0306

Gleb Natapov discovered issues in the KVM subsystem where missing
permission checks (CPL/IOPL) permit a user in a guest system to
cause a denial of service of a guest (system crash) or gain escalated
privileges with the guest.

CVE-2010-0309

Marcelo Tosatti fixed an issue in the PIT emulation code in the
KVM subsystem that allows privileged users in a guest domain to
cause a denial of service (crash) of the host system.

CVE-2010-0419

Paolo Bonzini found a bug in KVM that can be used to bypass proper
permission checking while loading segment selectors. This
potentially allows privileged guest users to execute privileged
instructions on the host system.

For the stable distribution (lenny), this problem has been fixed in
version 72+dfsg-5~lenny5.

For the testing distribution (squeeze), and the unstable distribution (sid),
these problems will be addressed within the linux-2.6 package.

We recommend that you upgrade your kvm package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Debian (stable)
- ---

Stable updates are available for amd64 and i386.



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
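
A check of whether installed packages have reached the fixed versions named in the advisories on this page (2.6.26-25lenny1, 2.6.26-1um-2+25lenny1, 72+dfsg-5~lenny5), written as an added example that is not part of any advisory or of Debian's tooling. It implements Debian's version ordering (epoch, upstream version, revision, with `~` sorting before everything); the installed versions are constructed sample data, and keying by source package name is a simplifying assumption.

```python
"""Compare installed package versions with the fixed versions an advisory names."""


def _is_digit(ch):
    return "0" <= ch <= "9"


def _weight(ch):
    """Sort weight of one character inside a non-digit run (Debian ordering)."""
    if ch == "~":
        return -1            # tilde sorts before everything, even end of string
    if ch == "":
        return 0             # end of the run
    if ch.isascii() and ch.isalpha():
        return ord(ch)       # letters sort before other symbols
    return ord(ch) + 256     # '+', '.', '-' and other symbols


def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _weight().
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ca = a[i] if i < len(a) and not _is_digit(a[i]) else ""
            cb = b[j] if j < len(b) and not _is_digit(b[j]) else ""
            if _weight(ca) != _weight(cb):
                return -1 if _weight(ca) < _weight(cb) else 1
            i += 1
            j += 1
        # Digit run: compare numerically, an empty run counts as 0.
        si = i
        while i < len(a) and _is_digit(a[i]):
            i += 1
        sj = j
        while j < len(b) and _is_digit(b[j]):
            j += 1
        na, nb = int(a[si:i] or "0"), int(b[sj:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if sep and epoch.isdigit():
        epoch_n = int(epoch)
    else:
        epoch_n, rest = 0, version
    upstream, sep, revision = rest.rpartition("-")   # revision follows the LAST hyphen
    if not sep:
        upstream, revision = rest, ""
    return epoch_n, upstream, revision


def compare_versions(a, b):
    """Return -1 if a is older than b, 0 if equal, 1 if newer."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def needs_upgrade(installed, fixed):
    """Names of packages whose installed version is older than the fixed one."""
    return sorted(
        pkg for pkg, fixed_version in fixed.items()
        if pkg in installed and compare_versions(installed[pkg], fixed_version) < 0
    )


# Fixed versions as stated in DSA-2110-1 and DSA-2010 on this page.
FIXED = {
    "linux-2.6": "2.6.26-25lenny1",
    "user-mode-linux": "2.6.26-1um-2+25lenny1",
    "kvm": "72+dfsg-5~lenny5",
}

# Constructed sample inventory of one host (not taken from the advisories).
INSTALLED = {
    "linux-2.6": "2.6.26-24lenny1",
    "user-mode-linux": "2.6.26-1um-2+25lenny1",
    "kvm": "72+dfsg-5~lenny4",
}

if __name__ == "__main__":
    for name in needs_upgrade(INSTALLED, FIXED):
        print(f"{name}: {INSTALLED[name]} is older than fixed version {FIXED[name]}")
```

On a live Debian host, `dpkg --compare-versions` performs the same ordering and should be preferred over a reimplementation.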


[Full-disclosure] [SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities

2010-02-28 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2004-1                secur...@debian.org
http://www.debian.org/security/   Dann Frazier
February 27, 2010   http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : privilege escalation/denial of service/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410
 CVE-2010-0415 CVE-2010-0622

NOTE: This kernel update marks the final planned kernel security
update for the 2.6.24 kernel in the Debian release 'etch'.  Although
security support for 'etch' officially ended on February 15th, 2010,
this update was already in preparation before that date.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2691

Steve Beattie and Kees Cook reported an information leak in the
maps and smaps files available under /proc. Local users may be
able to read this data for setuid processes while the ELF binary
is being loaded.

CVE-2009-2695

Eric Paris provided several fixes to increase the protection
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.

CVE-2009-3080

Dave Jones reported an issue in the gdth SCSI driver. A missing
check for negative offsets in an ioctl call could be exploited by
local users to create a denial of service or potentially gain
elevated privileges.

CVE-2009-3726

Trond Myklebust reported an issue where a malicious NFS server
could cause a denial of service condition on its clients by
returning incorrect attributes during an open call.

CVE-2009-3889

Joe Malicki discovered an issue in the megaraid_sas driver.
Insufficient permissions on the sysfs dbg_lvl interface allow
local users to modify the debug logging behavior.

CVE-2009-4005

Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
driver for Colognechip HFC-S USB chip. A potential read overflow
exists which may allow remote users to cause a denial of service
condition (oops).

CVE-2009-4020

Amerigo Wang discovered an issue in the HFS filesystem that would
allow a denial of service by a local user who has sufficient
privileges to mount a specially crafted filesystem.

CVE-2009-4021

Anand V. Avati discovered an issue in the fuse subsystem. If the
system is sufficiently low on memory, a local user can cause the
kernel to dereference an invalid pointer resulting in a denial of
service (oops) and potentially an escalation of privileges.

CVE-2009-4138

Jay Fenlason discovered an issue in the firewire stack that allows
local users to cause a denial of service (oops or crash) by making
a specially crafted ioctl call.

CVE-2009-4308

Ted Ts'o discovered an issue in the ext4 filesystem that allows
local users to cause a denial of service (NULL pointer
dereference).  For this to be exploitable, the local user must
have sufficient privileges to mount a filesystem.

CVE-2009-4536 & CVE-2009-4538

Fabian Yamaguchi reported issues in the e1000 and e1000e drivers
for Intel gigabit network adapters which allow remote users to
bypass packet filters using specially crafted Ethernet frames.

CVE-2010-0003

Andi Kleen reported a defect which allows local users to gain read
access to memory reachable by the kernel when the
print-fatal-signals option is enabled. This option is disabled by
default.

CVE-2010-0007

Florian Westphal reported a lack of capability checking in the
ebtables netfilter subsystem. If the ebtables module is loaded,
local users can add and modify ebtables rules.

CVE-2010-0291

Al Viro reported several issues with the mmap/mremap system calls
that allow local users to cause a denial of service (system panic)
or obtain elevated privileges.

CVE-2010-0410

Sebastian Krahmer discovered an issue in the netlink connector
subsystem that permits local users to allocate large amounts of
system memory resulting in a denial of service (out of memory).

CVE-2010-0415

Ramon de Carvalho Valle discovered an issue in the sys_move_pages
interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
Local users can exploit this issue to cause a denial of servi

[Full-disclosure] [SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities

2010-02-23 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-2003-1                secur...@debian.org
http://www.debian.org/security/   Dann Frazier
February 22, 2010   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020
 CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410
 CVE-2010-0415 CVE-2010-0622

NOTE: This kernel update marks the final planned kernel security
update for the 2.6.18 kernel in the Debian release 'etch'.
Although security support for 'etch' officially ended on
February 15th, 2010, this update was already in preparation
before that date.  A final update that includes fixes for these
issues in the 2.6.24 kernel is also in preparation and will be
released shortly.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-3080

Dave Jones reported an issue in the gdth SCSI driver. A missing
check for negative offsets in an ioctl call could be exploited by
local users to create a denial of service or potentially gain
elevated privileges.

CVE-2009-3726

Trond Myklebust reported an issue where a malicious NFS server
could cause a denial of service condition on its clients by
returning incorrect attributes during an open call.

CVE-2009-4005

Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
driver for Colognechip HFC-S USB chip. A potential read overflow
exists which may allow remote users to cause a denial of service
condition (oops).

CVE-2009-4020

Amerigo Wang discovered an issue in the HFS filesystem that would
allow a denial of service by a local user who has sufficient
privileges to mount a specially crafted filesystem.

CVE-2009-4021

Anand V. Avati discovered an issue in the fuse subsystem. If the
system is sufficiently low on memory, a local user can cause the
kernel to dereference an invalid pointer resulting in a denial of
service (oops) and potentially an escalation of privileges.

CVE-2009-4536

Fabian Yamaguchi reported an issue in the e1000 driver for Intel
gigabit network adapters which allows remote users to bypass packet
filters using specially crafted ethernet frames.

CVE-2010-0007

Florian Westphal reported a lack of capability checking in the
ebtables netfilter subsystem. If the ebtables module is loaded,
local users can add and modify ebtables rules.

CVE-2010-0410

Sebastian Krahmer discovered an issue in the netlink connector
subsystem that permits local users to allocate large amounts of
system memory resulting in a denial of service (out of memory).

CVE-2010-0415

Ramon de Carvalho Valle discovered an issue in the sys_move_pages
interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
Local users can exploit this issue to cause a denial of service
(system crash) or gain access to sensitive kernel memory.

CVE-2010-0622

Jerome Marchand reported an issue in the futex subsystem that
allows a local user to force an invalid futex state which results
in a denial of service (oops).

This update also fixes a regression introduced by a previous security
update that caused problems booting on certain s390 systems.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-26etch2.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.26etch2
 user-mode-linux 2.6.18-1um-2etch.26etch2

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/

[Full-disclosure] [SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-10-23 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1915-1                secur...@debian.org
http://www.debian.org/security/   dann frazier
October 22, 2009                http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909
 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286
 CVE-2009-3290 CVE-2009-3613

Notice: Debian 5.0.4, the next point release of Debian 'lenny',
will include a new default value for the mmap_min_addr tunable.
This change will add an additional safeguard against a class of security
vulnerabilities known as "NULL pointer dereference" vulnerabilities, but
it will need to be overridden when using certain applications.
Additional information about this change, including instructions for
making this change locally in advance of 5.0.4 (recommended), can be
found at:
  http://wiki.debian.org/mmap_min_addr

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege escalation.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-2695

Eric Paris provided several fixes to increase the protection
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.

CVE-2009-2903

Mark Smith discovered a memory leak in the appletalk
implementation.  When the appletalk and ipddp modules are loaded,
but no ipddp"N" device is found, remote attackers can cause a
denial of service by consuming large amounts of system memory.

CVE-2009-2908

Loic Minier discovered an issue in the eCryptfs filesystem. A
local user can cause a denial of service (kernel oops) by causing
a dentry value to go negative.

CVE-2009-2909

Arjan van de Ven discovered an issue in the AX.25 protocol
implementation. A specially crafted call to setsockopt() can
result in a denial of service (kernel oops).

CVE-2009-2910

Jan Beulich discovered the existence of a sensitive kernel memory
leak. Systems running the 'amd64' kernel do not properly sanitize
registers for 32-bit processes.

CVE-2009-3001

Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE
802.2 LLC implementation. This is not exploitable in the Debian
lenny kernel as root privileges are required to exploit this
issue.

CVE-2009-3002

Eric Dumazet fixed several sensitive memory leaks in the IrDA,
X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area
Network (CAN) implementations. Local users can exploit these
issues to gain access to kernel memory.

CVE-2009-3286

Eric Paris discovered an issue with the NFSv4 server
implementation.  When an O_EXCL create fails, files may be left
with corrupted permissions, possibly granting unintentional
privileges to other local users.

CVE-2009-3290

Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM
does not prevent access to MMU hypercalls from ring 0, which
allows local guest OS users to cause a denial of service (guest
kernel crash) and read or write guest kernel memory.

CVE-2009-3613

Alistair Strachan reported an issue in the r8169 driver. Remote
users can cause a denial of service (IOMMU space exhaustion and
system crash) by transmitting a large amount of jumbo frames.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-19lenny1.

For the oldstable distribution (etch), these problems, where
applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+19lenny1

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are u

[Full-disclosure] [SECURITY] [DSA 1872-1] New Linux 2.6.18 packages fix several vulnerabilities

2009-08-25 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1872-1                secur...@debian.org
http://www.debian.org/security/                           dann frazier
August 24, 2009                     http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/privilege escalation/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-2698 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848
 CVE-2009-2849
 
Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service, privilege escalation or a leak of
sensitive memory. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2698

Herbert Xu discovered an issue in the way UDP tracks corking
status that could allow local users to cause a denial of service
(system crash). Tavis Ormandy and Julien Tinnes discovered that
this issue could also be used by local users to gain elevated
privileges.

CVE-2009-2846

Michael Buesch noticed a typing issue in the eisa-eeprom driver
for the hppa architecture. Local users could exploit this issue to
gain access to restricted memory.

CVE-2009-2847

Ulrich Drepper noticed an issue in the do_sigaltstack routine on
64-bit systems. This issue allows local users to gain access to
potentially sensitive memory on the kernel stack.

CVE-2009-2848

Eric Dumazet discovered an issue in the execve path, where the
clear_child_tid variable was not being properly cleared. Local
users could exploit this issue to cause a denial of service
(memory corruption).

CVE-2009-2849

Neil Brown discovered an issue in the sysfs interface to md
devices. When md arrays are not active, local users can exploit
this vulnerability to cause a denial of service (oops).

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-24etch4.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.24etch4
 user-mode-linux 2.6.18-1um-2etch.24etch4

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  

[Full-disclosure] [SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities

2009-08-17 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1865-1                secur...@debian.org
http://www.debian.org/security/                           dann frazier
Aug 16, 2009                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633
 CVE-2009-2692

Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1385

Neil Horman discovered a missing fix from the e1000 network
driver.  A remote user may cause a denial of service by way of a
kernel panic triggered by specially crafted frame sizes.

CVE-2009-1389

Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.

CVE-2009-1630

Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.

CVE-2009-1633

Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-24etch3.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.24etch3
 user-mode-linux 2.6.18-1um-2etch.24etch3

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Oldstable updates are available for alpha, amd64, hppa, i386, ia64, mipsel, 
powerpc, s390 and sparc.
Updates for arm and mips will be released as they become available.

Source archives:

  

[Full-disclosure] [SECURITY] [DSA 1864-1] New Linux 2.6.24 packages fix privilege escalation

2009-08-17 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1864-1                secur...@debian.org
http://www.debian.org/security/                           Dann Frazier
Aug 16, 2009                        http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-2692

A vulnerability has been discovered in the Linux kernel that may lead
to privilege escalation. The Common Vulnerabilities and Exposures
project identifies the following problem:

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.8etch3.

We recommend that you upgrade your linux-2.6.24 packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases.  All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Oldstable updates are available for alpha, amd64, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

The arm update will be released once the build becomes available.

Source archives:

  

[Full-disclosure] [SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation

2009-08-15 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1862-1                secur...@debian.org
http://www.debian.org/security/                           dann frazier
Aug 14, 2009                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-2692

A vulnerability has been discovered in the Linux kernel that may lead
to privilege escalation. The Common Vulnerabilities and Exposures project
identifies the following problem:

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-17lenny2.

For the oldstable distribution (etch), this problem will be fixed in
updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+17lenny2

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are currently available for alpha, amd64, armel, hppa, i386, 
ia64, powerpc, and s390.
Updates for arm, mips, mipsel and sparc will be released as they become 
available.

Source archives:

  

[Full-disclosure] [SECURITY] [DSA 1846-1] New kvm packages fix denial of service

2009-07-29 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1846-1  secur...@debian.org
http://www.debian.org/security/ Dann Frazier
July 28, 2009 http://www.debian.org/security/faq
- 

Package: kvm
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-2287

Matt T. Yourst discovered an issue in the kvm subsystem. Local
users with permission to manipulate /dev/kvm can cause a denial
of service (hang) by providing an invalid cr3 value to the
KVM_SET_SREGS call.

For the stable distribution (lenny), these problems have been fixed
in version 72+dfsg-5~lenny2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your kvm packages, and rebuild any kernel
modules you have built from a kvm-source package version.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for amd64 and i386.

Source archives:



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKb92ChuANDBmkLRkRArWNAJ9fyxXVbz8s4NriMRf3Dl6DA+fnOACffBm5
LdoNhA2mQO3lBJ+ZQvWQ9y8=
=iVSU
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [SECURITY] [DSA 1844-1] New Linux 2.6.24 packages fix several vulnerabilities

2009-07-29 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1844-1                secur...@debian.org
http://www.debian.org/security/                           Dann Frazier
July 28, 2009                       http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633
 CVE-2009-1895 CVE-2009-1914 CVE-2009-1961 CVE-2009-2406
 CVE-2009-2407

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1385

Neil Horman discovered a missing fix from the e1000 network driver.
A remote user may cause a denial of service by way of a kernel panic
triggered by specially crafted frame sizes.

CVE-2009-1389

Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.

CVE-2009-1630

Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.

CVE-2009-1633

Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.

CVE-2009-1895

Julien Tinnes and Tavis Ormandy reported an issue in the Linux
vulnerability code. Local users can take advantage of a setuid
binary that can either be made to dereference a NULL pointer or
drop privileges and return control to the user. This allows a
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.

CVE-2009-1914

Mikulas Patocka discovered an issue in sparc64 kernels that allows
local users to cause a denial of service (crash) by reading the
/proc/iomem file.

CVE-2009-1961

Miklos Szeredi reported an issue in the ocfs2 filesystem. Local
users can create a denial of service (filesystem deadlock) using
a particular sequence of splice system calls.

CVE-2009-2406
CVE-2009-2407

Ramon de Carvalho Valle discovered two issues with the eCryptfs
layered filesystem using the fsfuzzer utility. A local user with
permissions to perform an eCryptfs mount may modify the contents
of an eCryptfs file, overflowing the stack and potentially gaining
elevated privileges.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.8etch2.

We recommend that you upgrade your linux-2.6.24 packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases.  All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  

[Full-disclosure] [SECURITY] [DSA 1845-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-07-29 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1845-1                secur...@debian.org
http://www.debian.org/security/                           dann frazier
Jun 28, 2009                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service, privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2009-1895 CVE-2009-2287 CVE-2009-2406 CVE-2009-2407

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1895

Julien Tinnes and Tavis Ormandy reported an issue in the Linux
personality code. Local users can take advantage of a setuid
binary that can either be made to dereference a NULL pointer or
drop privileges and return control to the user. This allows a
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.

CVE-2009-2287

Matt T. Yourst discovered an issue in the kvm subsystem. Local
users with permission to manipulate /dev/kvm can cause a denial
of service (hang) by providing an invalid cr3 value to the
KVM_SET_SREGS call.

CVE-2009-2406
CVE-2009-2407

Ramon de Carvalho Valle discovered two issues with the eCryptfs
layered filesystem using the fsfuzzer utility. A local user with
permissions to perform an eCryptfs mount may modify the contents
of an eCryptfs file, overflowing the stack and potentially gaining
elevated privileges.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-17lenny1.

For the oldstable distribution (etch), these problems, where
applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+17lenny1

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1809-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-06-02 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1809-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
Jun 01, 2009   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service, privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-1630 CVE-2009-1633 CVE-2009-1758

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1630

Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.

CVE-2009-1633

Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.

CVE-2009-1758

Jan Beulich discovered an issue in Xen where local guest users may
cause a denial of service (oops).

This update also fixes a regression introduced by the fix for
CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on
systems with SELinux enabled.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-15lenny3.

For the oldstable distribution (etch), these problems, where
applicable, will be fixed in future updates to linux-2.6 and
linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+15lenny3

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-05-16 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1800-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
May 15, 2009   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/privilege escalation/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-0028 CVE-2009-0834 CVE-2009-0835 CVE-2009-0859
 CVE-2009-1046 CVE-2009-1072 CVE-2009-1184 CVE-2009-1192
 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338
 CVE-2009-1439

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, privilege escalation or a sensitive
memory leak. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-0028

Chris Evans discovered a situation in which a child process can
send an arbitrary signal to its parent.

CVE-2009-0834

Roland McGrath discovered an issue on amd64 kernels that allows
local users to circumvent system call audit configurations which
filter based on the syscall numbers or argument details.

CVE-2009-0835

Roland McGrath discovered an issue on amd64 kernels with
CONFIG_SECCOMP enabled. By making a specially crafted syscall,
local users can bypass access restrictions.

CVE-2009-0859

Jiri Olsa discovered that a local user can cause a denial of
service (system hang) using a SHM_INFO shmctl call on kernels
compiled with CONFIG_SHMEM disabled. This issue does not affect
prebuilt Debian kernels.

CVE-2009-1046

Mikulas Patocka reported an issue in the console subsystem that
allows a local user to cause memory corruption by selecting a
small number of 3-byte UTF-8 characters.

CVE-2009-1072

Igor Zhbanov reported that nfsd was not properly dropping
CAP_MKNOD, allowing users to create device nodes on file systems
exported with root_squash.

CVE-2009-1184

Dan Carpenter reported a coding issue in the selinux subsystem
that allows local users to bypass certain networking checks when
running with compat_net=1.

CVE-2009-1192

Shaohua Li reported an issue in the AGP subsystem that may allow
local users to read sensitive kernel memory due to a leak of
uninitialized memory.

CVE-2009-1242

Benjamin Gilbert reported a local denial of service vulnerability
in the KVM VMX implementation that allows local users to trigger
an oops.

CVE-2009-1265

Thomas Pollet reported an overflow in the af_rose implementation
that allows remote attackers to retrieve uninitialized kernel
memory that may contain sensitive data.

CVE-2009-1337

Oleg Nesterov discovered an issue in the exit_notify function that
allows local users to send an arbitrary signal to a process by
running a program that modifies the exit_signal field and then
uses an exec system call to launch a setuid application.

CVE-2009-1338

Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to
reach processes outside of the current process namespace.
   
CVE-2009-1439

Pavan Naregundi reported an issue in the CIFS filesystem code that
allows remote users to overwrite memory via a long
nativeFileSystem field in a Tree Connect response during mount.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-15lenny2.

For the oldstable distribution (etch), these problems, where applicable,
will be fixed in future updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+15lenny2

You may use an automated

[Full-disclosure] [SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities

2009-05-03 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1787-1   secur...@debian.org
http://www.debian.org/security/   Dann Frazier
May 2, 2009 http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : denial of service/privilege escalation/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700
 CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029
 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322
 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834
 CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242
 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-4307

Bryn M. Reeves reported a denial of service in the NFS filesystem.
Local users can trigger a kernel BUG() due to a race condition in
the do_setlk function.

CVE-2008-5079

Hugo Dias reported a DoS condition in the ATM subsystem that can
be triggered by a local user by calling the svc_listen function
twice on the same socket and reading /proc/net/atm/*vc.

CVE-2008-5395

Helge Deller discovered a denial of service condition that allows
local users on PA-RISC systems to crash a system by attempting to
unwind a stack containing userspace addresses.

CVE-2008-5700

Alan Cox discovered a lack of minimum timeouts on SG_IO requests,
which allows local users of systems using ATA to cause a denial of
service by forcing drives into PIO mode.

CVE-2008-5701

Vlad Malov reported an issue on 64-bit MIPS systems where a local
user could cause a system crash by crafting a malicious binary
which makes o32 syscalls with a number less than 4000.

CVE-2008-5702

Zvonimir Rakamaric reported an off-by-one error in the ib700wdt
watchdog driver which allows local users to cause a buffer
underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl
call.

CVE-2009-0028

Chris Evans discovered a situation in which a child process can
send an arbitrary signal to its parent.

CVE-2009-0029

Christian Borntraeger discovered an issue affecting the alpha,
mips, powerpc, s390 and sparc64 architectures that allows local
users to cause a denial of service or potentially gain elevated
privileges.

CVE-2009-0031

Vegard Nossum discovered a memory leak in the keyctl subsystem
that allows local users to cause a denial of service by consuming
all of kernel memory.

CVE-2009-0065

Wei Yongjun discovered a memory overflow in the SCTP
implementation that can be triggered by remote users, permitting
remote code execution.

CVE-2009-0269

Duane Griffin provided a fix for an issue in the eCryptfs
subsystem which allows local users to cause a denial of service
(fault or memory corruption).

CVE-2009-0322

Pavel Roskin provided a fix for an issue in the dell_rbu driver
that allows a local user to cause a denial of service (oops) by
reading 0 bytes from a sysfs entry.

CVE-2009-0675

Roel Kluin discovered inverted logic in the skfddi driver that
permits local, unprivileged users to reset the driver statistics.

CVE-2009-0676

Clement LECIGNE discovered a bug in the sock_getsockopt function
that may result in leaking sensitive kernel memory.

CVE-2009-0745

Peter Kerwien discovered an issue in the ext4 filesystem that
allows local users to cause a denial of service (kernel oops)
during a resize operation.

CVE-2009-0834

Roland McGrath discovered an issue on amd64 kernels that allows
local users to circumvent system call audit configurations which
filter based on the syscall numbers or argument details.

CVE-2009-0859

Jiri Olsa discovered that a local user can cause a denial of
service (system hang) using a SHM_INFO shmctl call on kernels
compiled with CONFIG_SHMEM disabled. This issue does not affect
prebuilt Debian kernels.

CVE-2009-1046

Mikulas Patocka reported an issue in the console subsystem that
allows a local user to cause memory corruption by selecting a
small number of 3-byte UTF-8 characters.

CVE-2009-1192

Shaohua Li reported an issue in the AGP subsystem that may allow
local users to read sensitive kernel memory due to a leak of
uninitialized memory.

CVE-2009-1242

Benjamin Gilbert reported a local denial of service vulnerability
in the KVM VMX implementation that allows local users to trigger

[Full-disclosure] [SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-03-21 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1749-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
March 20, 2009  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/privilege escalation/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269
 CVE-2009-0322 CVE-2009-0676 CVE-2009-0675 CVE-2009-0745
 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-0029

Christian Borntraeger discovered an issue affecting the alpha,
mips, powerpc, s390 and sparc64 architectures that allows local
users to cause a denial of service or potentially gain elevated
privileges.

CVE-2009-0031

Vegard Nossum discovered a memory leak in the keyctl subsystem
that allows local users to cause a denial of service by consuming
all of kernel memory.

CVE-2009-0065

Wei Yongjun discovered a memory overflow in the SCTP
implementation that can be triggered by remote users.

CVE-2009-0269

Duane Griffin provided a fix for an issue in the eCryptfs
subsystem which allows local users to cause a denial of service
(fault or memory corruption).

CVE-2009-0322

Pavel Roskin provided a fix for an issue in the dell_rbu driver
that allows a local user to cause a denial of service (oops) by
reading 0 bytes from a sysfs entry.

CVE-2009-0676

Clement LECIGNE discovered a bug in the sock_getsockopt function
that may result in leaking sensitive kernel memory.

CVE-2009-0675

Roel Kluin discovered inverted logic in the skfddi driver that
permits local, unprivileged users to reset the driver statistics.

CVE-2009-0745

Peter Kerwien discovered an issue in the ext4 filesystem that
allows local users to cause a denial of service (kernel oops)
during a resize operation.

CVE-2009-0746

Sami Liedes reported an issue in the ext4 filesystem that allows
local users to cause a denial of service (kernel oops) when
accessing a specially crafted corrupt filesystem.

CVE-2009-0747

David Maciejak reported an issue in the ext4 filesystem that
allows local users to cause a denial of service (kernel oops) when
mounting a specially crafted corrupt filesystem.

CVE-2009-0748

David Maciejak reported an additional issue in the ext4 filesystem
that allows local users to cause a denial of service (kernel oops)
when mounting a specially crafted corrupt filesystem.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-13lenny2.

For the oldstable distribution (etch), these problems, where applicable,
will be fixed in future updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- 

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-12-18 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1687-1   secur...@debian.org
http://www.debian.org/security/   dann frazier
Dec 15, 2008   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576
 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-3527

Tavis Ormandy reported a local DoS and potential privilege
escalation in the Virtual Dynamic Shared Objects (vDSO)
implementation.

CVE-2008-3528

Eugene Teo reported a local DoS issue in the ext2 and ext3
filesystems.  Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that causes the kernel to output error messages in an
infinite loop.

CVE-2008-4554

Milos Szeredi reported that the usage of splice() on files opened
with O_APPEND allows users to write to the file at arbitrary
offsets, enabling a bypass of possible assumed semantics of the
O_APPEND flag.

CVE-2008-4576

Vlad Yasevich reported an issue in the SCTP subsystem that may
allow remote users to cause a local DoS by triggering a kernel
oops.

CVE-2008-4933

Eric Sesterhenn reported a local DoS issue in the hfsplus
filesystem.  Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that causes the kernel to overrun a buffer, resulting
in a system oops or memory corruption.

CVE-2008-4934

Eric Sesterhenn reported a local DoS issue in the hfsplus
filesystem.  Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that results in a kernel oops due to an unchecked
return value.

CVE-2008-5025

Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
Local users who have been granted the privileges necessary to
mount a filesystem would be able to craft a filesystem with a
corrupted catalog name length, resulting in a system oops or
memory corruption.

CVE-2008-5029

Andrea Bittau reported a DoS issue in the unix socket subsystem
that allows a local user to cause memory corruption, resulting in
a kernel panic.

CVE-2008-5079

Hugo Dias reported a DoS condition in the ATM subsystem that can
be triggered by a local user by calling the svc_listen function
twice on the same socket and reading /proc/net/atm/*vc.

CVE-2008-5182

Al Viro reported race conditions in the inotify subsystem that may
allow local users to acquire elevated privileges.

CVE-2008-5300

Dann Frazier reported a DoS condition that allows local users to
cause the out of memory handler to kill off privileged processes
or trigger soft lockups due to a starvation issue in the unix
socket subsystem.

For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-23etch1.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases.  All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.23etch1
 user-mode-linux 2.6.18-1um-2etch.23etch1

You may use an automated update by

[Full-disclosure] [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities

2008-12-04 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1681-1   [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier, Alexander Prinsier
December 04, 2008   http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618
 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
 CVE-2008-5134 CVE-2008-5182 CVE-2008-5300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-3528

Eugene Teo reported a local DoS issue in the ext2 and ext3
filesystems.  Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that causes the kernel to output error messages in an
infinite loop.

CVE-2008-4554

Milos Szeredi reported that the usage of splice() on files opened
with O_APPEND allows users to write to the file at arbitrary
offsets, enabling a bypass of possible assumed semantics of the
O_APPEND flag.

CVE-2008-4576

Vlad Yasevich reported an issue in the SCTP subsystem that may
allow remote users to cause a local DoS by triggering a kernel
oops.

CVE-2008-4618

Wei Yongjun reported an issue in the SCTP subsystem that may allow
remote users to cause a local DoS by triggering a kernel panic.

CVE-2008-4933

Eric Sesterhenn reported a local DoS issue in the hfsplus
filesystem.  Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that causes the kernel to overrun a buffer, resulting
in a system oops or memory corruption.

CVE-2008-4934

Eric Sesterhenn reported a local DoS issue in the hfsplus
filesystem.  Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that results in a kernel oops due to an unchecked
return value.

CVE-2008-5025

Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
Local users who have been granted the privileges necessary to
mount a filesystem would be able to craft a filesystem with a
corrupted catalog name length, resulting in a system oops or
memory corruption.

CVE-2008-5029

Andrea Bittau reported a DoS issue in the unix socket subsystem
that allows a local user to cause memory corruption, resulting in
a kernel panic.

CVE-2008-5134

Johannes Berg reported a remote DoS issue in the libertas wireless
driver, which can be triggered by a specially crafted beacon/probe
response.

CVE-2008-5182

Al Viro reported race conditions in the inotify subsystem that may
allow local users to acquire elevated privileges.

CVE-2008-5300

Dann Frazier reported a DoS condition that allows local users to
cause the out of memory handler to kill off privileged processes
or trigger soft lockups due to a starvation issue in the unix
socket subsystem.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.7.

We recommend that you upgrade your linux-2.6.24 packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1676-1] New flamethrower packages fix denial of service

2008-12-02 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1676-1   [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
December 01, 2008   http://www.debian.org/security/faq
- 

Package: flamethrower (0.1.8-1+etch1)
Vulnerability  : insecure temp file generation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-5141
Debian Bug : 506350

Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary
filenames, which may lead to a local denial of service through a symlink
attack.

For the stable distribution (etch), this problem has been fixed in version
0.1.8-1+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.1.8-2.

We recommend that you upgrade your flamethrower package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJNGi7huANDBmkLRkRAtmHAJ46ID1fo23mpT0LaR+58dF75sgdaACgk1R2
I73MleBHGf32hPSwMhRRQbY=
=qNZs
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
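
The weakness class named in DSA-1676-1, as an added example (this is not flamethrower's code, which does not appear in the advisory): a temporary file with a predictable name, opened with a plain open(), follows a symlink already present at that name, while O_EXCL or mkstemp() refuses it. The filename pattern, the PID value and the sandbox paths are constructed for illustration.

```python
import os
import stat
import tempfile

# Hypothetical naming pattern, not taken from the flamethrower package.
TMP_NAME = "flamethrower.{pid}.tmp"


def write_predictable(tmpdir, pid, data):
    """Vulnerable pattern: guessable name, plain open() that follows symlinks."""
    path = os.path.join(tmpdir, TMP_NAME.format(pid=pid))
    with open(path, "w") as fh:  # truncates whatever the name resolves to
        fh.write(data)
    return path


def write_exclusive(tmpdir, pid, data):
    """Same name, but creation fails if anything (even a symlink) exists there."""
    path = os.path.join(tmpdir, TMP_NAME.format(pid=pid))
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # raises FileExistsError on a planted link
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def write_mkstemp(tmpdir, data):
    """Preferred form: unpredictable name, exclusive creation, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="flamethrower.", suffix=".tmp", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Run all three writers inside a private sandbox and report what happened."""
    original = "precious contents\n"  # constructed sample data
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        shared_tmp = os.path.join(sandbox, "tmp")  # stands in for a shared /tmp
        os.mkdir(shared_tmp)
        target = os.path.join(sandbox, "important.conf")
        pid = 4242  # constructed, stands in for a guessable process id
        planted = os.path.join(shared_tmp, TMP_NAME.format(pid=pid))

        def reset():
            # Restore the target file and the pre-existing symlink at the temp name.
            with open(target, "w") as fh:
                fh.write(original)
            if os.path.lexists(planted):
                os.unlink(planted)
            os.symlink(target, planted)

        def target_text():
            with open(target) as fh:
                return fh.read()

        # 1. Predictable name + plain open(): the write lands in the link target.
        reset()
        write_predictable(shared_tmp, pid, "scratch\n")
        results["vulnerable_clobbered"] = target_text() != original

        # 2. O_CREAT|O_EXCL: the existing link makes creation fail, target untouched.
        reset()
        try:
            write_exclusive(shared_tmp, pid, "scratch\n")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["target_intact_after_exclusive"] = target_text() == original

        # 3. mkstemp(): fresh regular file with owner-only permissions.
        safe = write_mkstemp(shared_tmp, "scratch\n")
        st = os.lstat(safe)
        results["mkstemp_regular_file"] = stat.S_ISREG(st.st_mode)
        results["mkstemp_mode"] = stat.S_IMODE(st.st_mode)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
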


[Full-disclosure] [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities

2008-10-17 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1655-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
Oct 16, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : denial of service/information leak/privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-1514 CVE-2008-3525 CVE-2008-3831 CVE-2008-4113
 CVE-2008-4445

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, privilege escalation or a leak of
sensitive data. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-1514

Jan Kratochvil reported a local denial of service vulnerability in
the ptrace interface for the s390 architecture. Local users can
trigger an invalid pointer dereference, leading to a system panic.

CVE-2008-3525

Eugene Teo reported a lack of capability checks in the kernel
driver for Granch SBNI12 leased line adapters (sbni), allowing
local users to perform privileged operations.

CVE-2008-3831

Olaf Kirch discovered an issue with the i915 driver that may allow
local users to cause memory corruption by use of an ioctl with
insufficient privilege restrictions.

CVE-2008-4113/CVE-2008-4445

Eugene Teo discovered two issues in the SCTP subsystem which allow
local users to obtain access to sensitive memory when the
SCTP-AUTH extension is enabled.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.6.

We recommend that you upgrade your linux-2.6.24 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mipsel, 
powerpc, s390 and sparc. An update for mips will be made available soon.


[Full-disclosure] [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-10-14 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1653-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
Oct 13, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2007-6716 CVE-2008-1514 CVE-2008-3276 CVE-2008-3525
 CVE-2008-3833 CVE-2008-4210 CVE-2008-4302

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-6716

Joe Jin reported a local denial of service vulnerability that
allows system users to trigger an oops due to an improperly
initialized data structure.

CVE-2008-1514

Jan Kratochvil reported a local denial of service vulnerability in
the ptrace interface for the s390 architecture. Local users can
trigger an invalid pointer dereference, leading to a system panic.

CVE-2008-3276

Eugene Teo reported an integer overflow in the DCCP subsystem that
may allow remote attackers to cause a denial of service in the
form of a kernel panic.

CVE-2008-3525

Eugene Teo reported a lack of capability checks in the kernel
driver for Granch SBNI12 leased line adapters (sbni), allowing
local users to perform privileged operations.

CVE-2008-3833

The S_ISUID/S_ISGID bits were not being cleared during an inode
splice, which, under certain conditions, can be exploited by local
users to obtain the privileges of a group for which they are not a
member. Mark Fasheh reported this issue.

CVE-2008-4210

David Watson reported an issue in the open()/creat() system calls
which, under certain conditions, can be exploited by local users
to obtain the privileges of a group for which they are not a
member.

CVE-2008-4302

A coding error in the splice subsystem allows local users to
attempt to unlock a page structure that has not been locked,
resulting in a system crash.

For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-22etch3.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch.22etch3
     user-mode-linux             2.6.18-1um-2etch.22etch3

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities

2008-09-11 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1636-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
Sep 11, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6.24
Vulnerability  : denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526
 CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or leak sensitive data. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2008-3272

Tobias Klein reported a locally exploitable data leak in the
snd_seq_oss_synth_make_info() function. This may allow local users
to gain access to sensitive information.

CVE-2008-3275

Zoltan Sogor discovered a coding error in the VFS that allows local users
to exploit a kernel memory leak resulting in a denial of service.

CVE-2008-3276

Eugene Teo reported an integer overflow in the DCCP subsystem that
may allow remote attackers to cause a denial of service in the form
of a kernel panic.

CVE-2008-3526

Eugene Teo reported a missing bounds check in the SCTP subsystem.
By exploiting an integer overflow in the SCTP_AUTH_KEY handling code,
remote attackers may be able to cause a denial of service in the form
of a kernel panic.

CVE-2008-3534

Kel Modderman reported an issue in the tmpfs filesystem that allows
local users to crash a system by triggering a kernel BUG() assertion.

CVE-2008-3535

Alexey Dobriyan discovered an off-by-one-error in the iov_iter_advance
function which can be exploited by local users to crash a system,
resulting in a denial of service.

CVE-2008-3792

Vlad Yasevich reported several NULL pointer reference conditions in
the SCTP subsystem that can be triggered by entering sctp-auth codepaths
when the AUTH feature is inactive. This may allow attackers to cause
a denial of service condition via a system panic.

CVE-2008-3915

Johann Dahm and David Richter reported an issue in the nfsd subsystem
that may allow remote attackers to cause a denial of service via a
buffer overflow.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.5.

We recommend that you upgrade your linux-2.6.24 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-08-22 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1630-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
Aug 21, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service/information leak
Problem type   : several
Debian-specific: no
CVE Id(s)  : CVE-2007-6282 CVE-2008-0598 CVE-2008-2729 CVE-2008-2812
 CVE-2008-2826 CVE-2008-2931 CVE-2008-3272 CVE-2008-3275

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or arbitrary code execution. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-6282

Dirk Nehring discovered a vulnerability in the IPsec code that allows
remote users to cause a denial of service by sending a specially crafted
ESP packet.

CVE-2008-0598

Tavis Ormandy discovered a vulnerability that allows local users to access
uninitialized kernel memory, possibly leaking sensitive data. This issue
is specific to the amd64-flavour kernel images.

CVE-2008-2729

Andi Kleen discovered an issue where uninitialized kernel memory
was being leaked to userspace during an exception. This issue may allow
local users to gain access to sensitive data. Only the amd64-flavour
Debian kernel images are affected.

CVE-2008-2812

Alan Cox discovered an issue in multiple tty drivers that allows
local users to trigger a denial of service (NULL pointer dereference)
and possibly obtain elevated privileges.

CVE-2008-2826

Gabriel Campana discovered an integer overflow in the sctp code that
can be exploited by local users to cause a denial of service.

CVE-2008-2931

Miklos Szeredi reported a missing privilege check in the do_change_type()
function. This allows local, unprivileged users to change the properties
of mount points.

CVE-2008-3272

Tobias Klein reported a locally exploitable data leak in the
snd_seq_oss_synth_make_info() function. This may allow local users
to gain access to sensitive information.

CVE-2008-3275

Zoltan Sogor discovered a coding error in the VFS that allows local users
to exploit a kernel memory leak resulting in a denial of service.

For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-22etch2.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch.22etch2
     user-mode-linux             2.6.18-1um-2etch.22etch2

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1592-2] New Linux 2.6.18 packages fix overflow conditions

2008-06-09 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1592-2                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
Jun 09, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : heap overflow
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2008-1673 CVE-2008-2358

Two vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or arbitrary code execution. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-1673

Wei Wang from McAfee reported a potential heap overflow in the
ASN.1 decode code that is used by the SNMP NAT and CIFS
subsystem. Exploitation of this issue may lead to arbitrary code
execution. This issue is not believed to be exploitable with the
pre-built kernel images provided by Debian, but it might be an
issue for custom images built from the Debian-provided source
package.

CVE-2008-2358

Brandon Edwards of McAfee Avert labs discovered an issue in the
DCCP subsystem. Due to missing feature length checks it is possible
to cause an overflow that may result in remote arbitrary code
execution.

For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-18etch6.

This updated advisory adds the linux-2.6 build for mipsel which was not
yet available at the time of DSA-1592-1.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch.18etch6
     user-mode-linux             2.6.18-1um-2etch.18etch6

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

  

[Full-disclosure] [SECURITY] [DSA 1592-1] New Linux 2.6.18 packages fix overflow conditions

2008-06-09 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1592-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
Jun 09, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : heap overflow
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2008-1673 CVE-2008-2358

Two vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or arbitrary code execution. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-1673

Wei Wang from McAfee reported a potential heap overflow in the
ASN.1 decode code that is used by the SNMP NAT and CIFS
subsystem. Exploitation of this issue may lead to arbitrary code
execution. This issue is not believed to be exploitable with the
pre-built kernel images provided by Debian, but it might be an
issue for custom images built from the Debian-provided source
package.

CVE-2008-2358

Brandon Edwards of McAfee Avert labs discovered an issue in the
DCCP subsystem. Due to missing feature length checks it is possible
to cause an overflow that may result in remote arbitrary code
execution.

For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-18etch6.

The linux-2.6/mipsel build was not yet available at the time of this
advisory. This advisory will be updated when this build becomes
available.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch.18etch6
     user-mode-linux             2.6.18-1um-2etch.18etch6

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
powerpc, s390 and sparc.

  

[Full-disclosure] [SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities

2008-05-31 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1588-2                  [EMAIL PROTECTED]
http://www.debian.org/security/                           dann frazier
May 30, 2008                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2007-6712

Johannes Bauer discovered an integer overflow condition in the hrtimer
subsystem on 64-bit systems. This can be exploited by local users to
trigger a denial of service (DoS) by causing the kernel to execute an
infinite loop.

CVE-2008-1615

Jan Kratochvil reported a local denial of service condition that
permits local users on systems running the amd64 flavor kernel
to cause a system crash.

CVE-2008-2136

Paul Harks discovered a memory leak in the Simple Internet Transition
(SIT) code used for IPv6 over IPv4 tunnels. This can be exploited
by remote users to cause a denial of service condition.

CVE-2008-2137

David Miller and Jan Lieskovsky discovered issues with the virtual
address range checking of mmaped regions on the sparc architecture
that may be exploited by local users to cause a denial of service.

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch5.

This updated advisory adds the linux-2.6 build for s390 and the fai-kernels
build for powerpc which were not yet available at the time of DSA-1588-1.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch.18etch5
     user-mode-linux             2.6.18-1um-2etch.18etch5

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

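A check that could sit between the `wget` and `dpkg -i` steps of the upgrade instructions, as an added example (not part of the advisory or of Debian's tooling): it parses manifest entries in the form these advisories use, a URL line followed by `Size/MD5 checksum: <bytes> <md5>`, and rejects files whose size or digest differs, as well as entries that arrive truncated. The function names, the `example.invalid` URLs and the file contents are constructed for illustration.

```python
"""Verify fetched files against an advisory's 'Size/MD5 checksum' manifest."""
import hashlib
import os
import re
import tempfile

# One manifest entry is a URL line followed by a checksum line.
# Archived copies sometimes lose the space after the colon, hence \s*.
URL_RE = re.compile(r"^\s*(https?://\S+)\s*$")
CHECK_RE = re.compile(r"^\s*Size/MD5 checksum:\s*(\d+)\s+([0-9a-fA-F]+)\s*$")


def parse_manifest(text):
    """Return ({filename: (size, md5)}, [problems]) from advisory text."""
    entries, problems, pending = {}, [], None
    for line in text.splitlines():
        url = URL_RE.match(line)
        if url:
            if pending:
                problems.append(f"no checksum line for {pending}")
            pending = url.group(1)
            continue
        chk = CHECK_RE.match(line)
        if chk and pending:
            name = pending.rsplit("/", 1)[-1]
            size, digest = int(chk.group(1)), chk.group(2).lower()
            if len(digest) != 32:
                # A cut-off digest must never be treated as a valid entry.
                problems.append(f"damaged MD5 for {name}")
            elif name in entries and entries[name] != (size, digest):
                problems.append(f"conflicting entries for {name}")
            else:
                entries[name] = (size, digest)
            pending = None
    if pending:
        problems.append(f"no checksum line for {pending}")
    return entries, problems


def verify_file(path, entries):
    """Return 'ok', or the reason the file must not be passed to dpkg -i."""
    name = os.path.basename(path)
    if name not in entries:
        return "not listed"
    size, digest = entries[name]
    if os.path.getsize(path) != size:
        return "size mismatch"
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            md5.update(block)
    return "ok" if md5.hexdigest() == digest else "md5 mismatch"


def demo():
    """Run the check on constructed files; return (verdicts, problems)."""
    good = b"constructed package payload\n"
    altered = b"constructed package pAyload\n"  # same length, other content
    line = f"{len(good)} {hashlib.md5(good).hexdigest()}"
    manifest = "\n".join([
        "http://mirror.example.invalid/pool/pkg-a_1.0_all.deb",
        "Size/MD5 checksum:  " + line,
        "http://mirror.example.invalid/pool/pkg-b_1.0_all.deb",
        "Size/MD5 checksum:" + line,            # space after colon lost
        "http://mirror.example.invalid/pool/pkg-c_1.0_all.deb",
        "Size/MD5 checksum:  16968 " + "ab" * 14,  # digest cut short
        "http://mirror.example.invalid/pool/pkg-d_1.0",  # entry truncated
    ])
    entries, problems = parse_manifest(manifest)
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in [("pkg-a_1.0_all.deb", good),
                           ("pkg-b_1.0_all.deb", altered),
                           ("pkg-c_1.0_all.deb", good)]:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            verdicts[name] = verify_file(path, entries)
    return verdicts, problems


if __name__ == "__main__":
    print(demo())
```

MD5 only catches corrupted or substituted downloads relative to the advisory text, so the manifest should come from an advisory whose PGP signature has been verified.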

[Full-disclosure] [SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-05-27 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1588-1  [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
May 27, 2008   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2007-6712

Johannes Bauer discovered an integer overflow condition in the hrtimer
subsystem on 64-bit systems. This can be exploited by local users to
trigger a denial of service (DoS) by causing the kernel to execute an
infinite loop.

CVE-2008-1615

Jan Kratochvil reported a local denial of service condition that
permits local users on systems running the amd64 flavor kernel
to cause a system crash.

CVE-2008-2136

Paul Harks discovered a memory leak in the Simple Internet Transition
(SIT) code used for IPv6 over IPv4 tunnels. This can be exploited
by remote users to cause a denial of service condition.

CVE-2008-2137

David Miller and Jan Lieskovsky discovered issues with the virtual
address range checking of mmaped regions on the sparc architecture
that may be exploited by local users to cause a denial of service.

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch5.

Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at
the time of this advisory. This advisory will be updated as these builds
become available.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
    fai-kernels      1.17+etch.18etch5
    user-mode-linux  2.6.18-1um-2etch.18etch5

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, and sparc.


[Full-disclosure] [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service

2008-05-12 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1575-1  [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
May 12, 2008   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-1669

A vulnerability has been discovered in the Linux kernel that may lead
to a denial of service. The Common Vulnerabilities and Exposures
project identifies the following problem:

CVE-2008-1669

Alexander Viro discovered a race condition in the fcntl code that
may permit local users on multi-processor systems to execute parallel
code paths that are otherwise prohibited and gain re-ordered access
to the descriptor table.

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch4.

For the unstable distribution (sid), this problem has been fixed in version
2.6.25-2.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
    fai-kernels      1.17+etch.18etch4
    user-mode-linux  2.6.18-1um-2etch.18etch4

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-05-01 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1565-1  [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
May 1, 2008 http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several vulnerabilities
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-6694 CVE-2008-0007 CVE-2008-1294 CVE-2008-1375

Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-6694

Cyrill Gorcunov reported a NULL pointer dereference in code specific
to the CHRP PowerPC platforms. Local users could exploit this issue
to achieve a Denial of Service (DoS).

CVE-2008-0007

Nick Piggin of SuSE discovered a number of issues in subsystems which
register a fault handler for memory mapped areas. This issue can be
exploited by local users to achieve a Denial of Service (DoS) and possibly
execute arbitrary code.

CVE-2008-1294

David Peer discovered that users could escape administrator imposed cpu
time limitations (RLIMIT_CPU) by setting a limit of 0.

CVE-2008-1375

Alexander Viro discovered a race condition in the directory notification
subsystem that allows local users to cause a Denial of Service (oops)
and possibly result in an escalation of privileges.

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch3.

The unstable (sid) and testing distributions will be fixed soon.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
    fai-kernels      1.17+etch.18etch3
    user-mode-linux  2.6.18-1um-2etch.18etch3

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1505-1] New alsa-driver packages fix kernel memory leak

2008-02-22 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1505  [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
February 22, 2008   http://www.debian.org/security/faq
- 

Package: alsa-driver
Vulnerability  : kernel memory leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-4571

Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.
Local users could exploit this issue to obtain sensitive information from
the kernel (CVE-2007-4571).

For the stable distribution (etch), this problem has been fixed in
version 1.0.13-5etch1. This issue was already fixed for the version
of ALSA provided by linux-2.6 in DSA 1479.

For the oldstable distribution (sarge), this problem has been fixed in
version 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386
have been rebuilt to take advantage of this update, and are available in
version 1.0.8+2sarge2.

For the unstable distribution (sid), this problem was fixed in version
1.0.15-1.

We recommend that you upgrade your alsa-driver and alsa-modules-i386
packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The prebuilt modules update coincides with an ABI change in the 2.4.27
kernel in oldstable (see DSA 1503). If you are using the prebuilt modules
provided by one of the alsa-modules-i386 packages, you will need to update
your kernel to the new ABI before you can use the updated version of that
package. For more information about Debian kernel ABI changes, see:
  http://wiki.debian.org/DebianKernelABIChanges

Any modules manually built from the alsa-source package will need to be
rebuilt against the updated alsa-source package to inherit this fix.

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- 

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] [SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues

2008-02-22 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1504  [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
February 22, 2008   http://www.debian.org/security/faq
- 

Package: kernel-source-2.6.8 (2.6.8-17sarge1)
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203
 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105
 CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133
 CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063
 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-5823

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted cramfs filesystem.

CVE-2006-6054

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext2 filesystem.

CVE-2006-6058

LMH reported an issue in the minix filesystem that allows local users
with mount privileges to create a DoS (printk flood) by mounting a
specially crafted corrupt filesystem.

CVE-2006-7203

OpenVZ Linux kernel team reported an issue in the smbfs filesystem which
can be exploited by local users to cause a DoS (oops) during mount.

CVE-2007-1353

Ilja van Sprundel discovered that kernel memory could be leaked via the
Bluetooth setsockopt call due to an uninitialized stack buffer. This
could be used by local attackers to read the contents of sensitive kernel
memory.

CVE-2007-2172

Thomas Graf reported a typo in the DECnet protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
A similar issue exists in the IPV4 protocol handler and will be fixed
in a subsequent update.

CVE-2007-2525

Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.

CVE-2007-3105

The PaX Team discovered a potential buffer overflow in the random number
generator which may permit local users to cause a denial of service or
gain additional privileges. This issue is not believed to affect default
Debian installations where only root has sufficient privileges to exploit
it.

CVE-2007-3739

Adam Litke reported a potential local denial of service (oops) on
powerpc platforms resulting from unchecked VMA expansion into address
space reserved for hugetlb pages.

CVE-2007-3740

Steve French reported that CIFS filesystems with CAP_UNIX enabled 
were not honoring a process' umask which may lead to unintentionally
relaxed permissions.

CVE-2007-3848

Wojciech Purczynski discovered that pdeath_signal was not being reset
properly under certain conditions which may allow local users to gain
privileges by sending arbitrary signals to suid binaries.

CVE-2007-4133

Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.
A misconversion of hugetlb_vmtruncate_list to prio_tree may allow
local users to trigger a BUG_ON() call in exit_mmap.

CVE-2007-4308

Alan Cox reported an issue in the aacraid driver that allows unprivileged
local users to make ioctl calls which should be restricted to admin
privileges.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

CVE-2007-5093

Alex Smith discovered an issue with the pwc driver for certain webcam
devices. If the device is removed while a userspace application has it
open, the driver will wait for userspace to close the device, resulting
in a blocked USB subsystem. This issue is of low security impact as
it requires the attacker to either have physical access to the system
or to convince a user with local access to remove the device on their
behalf.

CVE-2007-6063

Venustech AD-LAB discovered a buffer overflow in the isdn

[Full-disclosure] [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues

2008-02-22 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1503  [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
February 22, 2008   http://www.debian.org/security/faq
- 

Package: kernel-source-2.4.27 (2.4.27-10sarge6)
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063
 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007
 
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2004-2731

infamous41md reported multiple integer overflows in the Sbus PROM
driver that would allow for a DoS (Denial of Service) attack by a
local user, and possibly the execution of arbitrary code.

CVE-2006-4814

Doug Chapman discovered a potential local DoS (deadlock) in the mincore
function caused by improper lock handling.

CVE-2006-5753

Eric Sandeen provided a fix for a local memory corruption vulnerability
resulting from a misinterpretation of return values when operating on
inodes which have been marked bad.

CVE-2006-5823

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted cramfs filesystem.

CVE-2006-6053

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext3 filesystem.

CVE-2006-6054

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext2 filesystem.

CVE-2006-6106

Marcel Holtman discovered multiple buffer overflows in the Bluetooth
subsystem which can be used to trigger a remote DoS (crash) and potentially
execute arbitrary code.

CVE-2007-1353

Ilja van Sprundel discovered that kernel memory could be leaked via the
Bluetooth setsockopt call due to an uninitialized stack buffer. This
could be used by local attackers to read the contents of sensitive kernel
memory.

CVE-2007-1592

Masayuki Nakagawa discovered that flow labels were inadvertently
being shared between listening sockets and child sockets. This defect
can be exploited by local users to cause a DoS (Oops).

CVE-2007-2172

Thomas Graf reported a typo in the DECnet protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
A similar issue exists in the IPV4 protocol handler and will be fixed
in a subsequent update.

CVE-2007-2525

Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.

CVE-2007-3848

Wojciech Purczynski discovered that pdeath_signal was not being reset
properly under certain conditions which may allow local users to gain
privileges by sending arbitrary signals to suid binaries.

CVE-2007-4308

Alan Cox reported an issue in the aacraid driver that allows unprivileged
local users to make ioctl calls which should be restricted to admin
privileges.

CVE-2007-4311

PaX team discovered an issue in the random driver where a defect in the
reseeding code leads to a reduction in entropy.

CVE-2007-5093

Alex Smith discovered an issue with the pwc driver for certain webcam
devices. If the device is removed while a userspace application has it
open, the driver will wait for userspace to close the device, resulting
in a blocked USB subsystem. This issue is of low security impact as
it requires the attacker to either have physical access to the system
or to convince a user with local access to remove the device on their
behalf.

CVE-2007-6063

Venustech AD-LAB discovered a buffer overflow in the isdn ioctl
handling, exploitable by a local user.

CVE-2007-6151

ADLAB discovered a possible memory overrun in the ISDN subsystem that
may permit a local user to overwrite kernel memory leading by issuing
ioctls with unterminated data.

CVE-2007-6206

Blake Frantz discovered that when a core file owned by a non-root user
exists, and a root-owned process dumps core over it, the core

[Full-disclosure] [SECURITY] [DSA 1494-2] New linux-2.6 packages fix privilege escalation

2008-02-13 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA-1494-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Florian Weimer, dann frazier
February 12, 2008   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : missing access checks
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600

The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).

In the vserver-enabled kernels, a missing access check on certain
symlinks in /proc enabled local attackers to access resources in other
vservers (CVE-2008-0163).

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch1.

In addition to these fixes, this update also incorporates changes from the
upcoming point release of the stable distribution.

Some architecture builds were not yet available at the time of DSA-1494-1.
This update to DSA-1494 provides linux-2.6 packages for these remaining
architectures, as well as additional binary packages that are built
from source code provided by linux-2.6.

The old stable distribution (sarge) is not affected by this problem.

The unstable (sid) and testing distributions will be fixed soon.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
    fai-kernels      1.17+etch.18etch1
    user-mode-linux  2.6.18-1um-2etch.18etch1

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, sparc and s390.


[Full-disclosure] [SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-12-20 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1436-1                    [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
December 20th, 2007 http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2006-6058 CVE-2007-5966 CVE-2007-6063 CVE-2007-6206
 CVE-2007-6417

Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-6058

LMH reported an issue in the minix filesystem that allows local users
with mount privileges to create a DoS (printk flood) by mounting a
specially crafted corrupt filesystem.

CVE-2007-5966

Warren Togami discovered an issue in the hrtimer subsystem that allows
a local user to cause a DoS (soft lockup) by requesting a timer sleep
for a long period of time leading to an integer overflow.

CVE-2007-6063

Venustech AD-LAB discovered a buffer overflow in the isdn ioctl
handling, exploitable by a local user.

CVE-2007-6206

Blake Frantz discovered that when a core file owned by a non-root user
exists, and a root-owned process dumps core over it, the core file
retains its original ownership. This could be used by a local user to
gain access to sensitive information.

CVE-2007-6417

Hugh Dickins discovered an issue in the tmpfs filesystem where, under
a rare circumstance, a kernel page may be improperly cleared, leaking
sensitive kernel memory to userspace or resulting in a DoS (crash).

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch6.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.13etch6
 user-mode-linux 2.6.18-1um-2etch.13etch6

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


[Full-disclosure] [SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities

2007-12-12 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1428-2                    [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
December 11th, 2007 http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2007-3104 CVE-2007-4997 CVE-2007-5500 CVE-2007-5904

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904.

CVE-2007-3104

Eric Sandeen provided a backport of Tejun Heo's fix for a local denial
of service vulnerability in sysfs. Under memory pressure, a dentry
structure may be reclaimed resulting in a bad pointer dereference causing
an oops during a readdir.

CVE-2007-4997

Chris Evans discovered an issue with certain drivers that make use of the
Linux kernel's ieee80211 layer. A remote user could generate a malicious
802.11 frame that could result in a denial of service (crash). The ipw2100
driver is known to be affected by this issue, while the ipw2200 is
believed not to be.

CVE-2007-5500

Scott James Remnant diagnosed a coding error in the implementation of
ptrace which could be used by a local user to cause the kernel to enter
an infinite loop.

CVE-2007-5904

Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could
allow a malicious server to cause a denial of service (crash) by overflowing
a buffer.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch5.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.13etch5
 user-mode-linux 2.6.18-1um-2etch.13etch5

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


[Full-disclosure] [SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-12-11 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1428-1                    [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
December 10th, 2007 http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2007-3104 CVE-2007-4997 CVE-2007-5500

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-3104

Eric Sandeen provided a backport of Tejun Heo's fix for a local denial
of service vulnerability in sysfs. Under memory pressure, a dentry
structure may be reclaimed resulting in a bad pointer dereference causing
an oops during a readdir.

CVE-2007-4997

Chris Evans discovered an issue with certain drivers that make use of the
Linux kernel's ieee80211 layer. A remote user could generate a malicious
802.11 frame that could result in a denial of service (crash). The ipw2100
driver is known to be affected by this issue, while the ipw2200 is
believed not to be.

CVE-2007-5500

Scott James Remnant diagnosed a coding error in the implementation of
ptrace which could be used by a local user to cause the kernel to enter
an infinite loop.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch5.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.13etch5
 user-mode-linux 2.6.18-1um-2etch.13etch5

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


[Full-disclosure] [SECURITY] [DSA 1381-2] New Linux 2.6.18 packages fix several vulnerabilities

2007-10-12 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1381-2                    [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
October 12th, 2007  http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093

Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-5755

The NT bit may be leaked into the next task which can allow local attackers
to cause a Denial of Service (crash) on systems which run the 'amd64'
flavour kernel. The stable distribution ('etch') was not believed to
be vulnerable to this issue at the time of release, however Bastian
Blank discovered that this issue still applied to the 'xen-amd64' and
'xen-vserver-amd64' flavours, and is resolved by this DSA.

CVE-2007-4133

Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.
A misconversion of hugetlb_vmtruncate_list to prio_tree may allow
local users to trigger a BUG_ON() call in exit_mmap.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

DSA-1378 resolved this problem for the 'amd64' flavour kernels, but
Tim Wickberg and Ralf Hemmenstädt reported an outstanding issue with
the 'xen-amd64' and 'xen-vserver-amd64' issues that is resolved by
this DSA.

CVE-2007-5093

Alex Smith discovered an issue with the pwc driver for certain webcam
devices. If the device is removed while a userspace application has it
open, the driver will wait for userspace to close the device, resulting
in a blocked USB subsystem. This issue is of low security impact as
it requires the attacker to either have physical access to the system
or to convince a user with local access to remove the device on their
behalf.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch4.

This is an update to DSA-1381-1 which included only amd64 binaries for
linux-2.6. Builds for all other architectures are now available, as well as
rebuilds of ancillary packages that make use of the included linux source.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.13etch4
 kernel-patch-openvz 028.18.1etch5
 user-mode-linux 2.6.18-1um-2etch.13etch4

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


[Full-disclosure] [SECURITY] [DSA 1381-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-10-02 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1381-1                    [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
October 2nd, 2007   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093

Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-5755

The NT bit may be leaked into the next task which can allow local attackers
to cause a Denial of Service (crash) on systems which run the 'amd64'
flavour kernel. The stable distribution ('etch') was not believed to
be vulnerable to this issue at the time of release, however Bastian
Blank discovered that this issue still applied to the 'xen-amd64' and
'xen-vserver-amd64' flavours, and is resolved by this DSA.

CVE-2007-4133

Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.
A misconversion of hugetlb_vmtruncate_list to prio_tree may allow
local users to trigger a BUG_ON() call in exit_mmap.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

DSA-1378 resolved this problem for the 'amd64' flavour kernels, but
Tim Wickberg and Ralf Hemmenstädt reported an outstanding issue with
the 'xen-amd64' and 'xen-vserver-amd64' issues that is resolved by
this DSA.

CVE-2007-5093

Alex Smith discovered an issue with the pwc driver for certain webcam
devices. If the device is removed while a userspace application has it
open, the driver will wait for userspace to close the device, resulting
in a blocked USB subsystem. This issue is of low security impact as
it requires the attacker to either have physical access to the system
or to convince a user with local access to remove the device on their
behalf.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch4.

At the time of this DSA, only the build for the amd64 architecture is
available. Due to the severity of the amd64-specific issues, we are
releasing an incomplete update. This advisory will be updated once
other architecture builds become available.

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


[Full-disclosure] [SECURITY] [DSA 1365-3] New id3lib3.8.3 packages fix denial of service

2007-10-02 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - --
Debian Security Advisory DSA 1365-3                    [EMAIL PROTECTED]
http://www.debian.org/security/   Moritz Muehlenhoff, Dann Frazier
October 2nd, 2007   http://www.debian.org/security/faq
- - --

Package: id3lib3.8.3
Vulnerability  : programming error
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2007-4460
Debian Bug : 438540

Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
Library, may lead to denial of service through symlink attacks.

This update to DSA-1365-2 provides missing packages for the mipsel
architecture for the stable distribution (etch).

For the oldstable distribution (sarge) this problem has been fixed in
version 3.8.3-4.1sarge1.

For the stable distribution (etch) this problem has been fixed in
version 3.8.3-6etch1.

For the unstable distribution (sid) this problem has been fixed in
version 3.8.3-7.

We recommend that you upgrade your id3lib3.8.3 packages.


Upgrade Instructions
- - 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - 

[Full-disclosure] [SECURITY] [DSA 1378-2] New Linux 2.6.18 packages fix several vulnerabilities

2007-09-29 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1378-2                    [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
September 28th, 2007    http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573
 CVE-2007-4849

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-3731

Evan Teran discovered a potential local denial of service (oops) in
the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests.

CVE-2007-3739

Adam Litke reported a potential local denial of service (oops) on
powerpc platforms resulting from unchecked VMA expansion into address
space reserved for hugetlb pages.

CVE-2007-3740

Steve French reported that CIFS filesystems with CAP_UNIX enabled 
were not honoring a process' umask which may lead to unintentionally
relaxed permissions.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

CVE-2007-4849

Michael Stone reported an issue with the JFFS2 filesystem. Legacy
modes for inodes that were created with POSIX ACL support enabled
were not being written out to the medium, resulting in incorrect
permissions upon remount.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch3.

This advisory has been updated to include a build for the arm architecture,
which was not yet available at the time of DSA-1378-1.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 4.0 (etch)
 fai-kernels 1.17+etch.13etch3
 user-mode-linux 2.6.18-1um-2etch.13etch3

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


[Full-disclosure] [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-09-28 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1378-1   [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
September 27th, 2007   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573
 CVE-2007-4849

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-3731

Evan Teran discovered a potential local denial of service (oops) in
the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests.

CVE-2007-3739

Adam Litke reported a potential local denial of service (oops) on
powerpc platforms resulting from unchecked VMA expansion into address
space reserved for hugetlb pages.

CVE-2007-3740

Steve French reported that CIFS filesystems with CAP_UNIX enabled
were not honoring a process' umask which may lead to unintentionally
relaxed permissions.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

CVE-2007-4849

Michael Stone reported an issue with the JFFS2 filesystem. Legacy
modes for inodes that were created with POSIX ACL support enabled
were not being written out to the medium, resulting in incorrect
permissions upon remount.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch3.

At the time of this advisory, the build for the arm architecture has
not yet completed. This advisory will be updated once the arm build
is available.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
 fai-kernels         1.17+etch.13etch3
 user-mode-linux     2.6.18-1um-2etch.13etch3

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.


[Full-disclosure] [SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities

2007-09-19 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - --
Debian Security Advisory DSA 1364-2   [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
September 19th, 2007   http://www.debian.org/security/faq
- - --

Package: vim
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID : CVE-2007-2438 CVE-2007-2953

Several vulnerabilities have been discovered in the vim editor. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2953

Ulf Harnhammar discovered that a format string flaw in helptags_one() from
src/ex_cmds.c (triggered through the "helptags" command) can lead to the
execution of arbitrary code.

CVE-2007-2438

Editors often provide a way to embed editor configuration commands (aka
modelines) which are executed once a file is opened. Harmful commands
are filtered by a sandbox mechanism. It was discovered that function
calls to writefile(), feedkeys() and system() were not filtered, allowing
shell command execution with a carefully crafted file opened in vim.

This updated advisory repairs issues with missing files in the packages
for the oldstable distribution (sarge) for the alpha, mips, and mipsel
architectures.

For the oldstable distribution (sarge) these problems have been fixed in
version 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.

For the stable distribution (etch) these problems have been fixed
in version 7.0-122+1etch3.

For the unstable distribution (sid) these problems have been fixed in
version 7.1-056+1.

We recommend that you upgrade your vim packages.



[Full-disclosure] [SECURITY] [DSA 1363-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-09-01 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1363-1   [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
August 31st, 2007   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843
 CVE-2007-4308
 
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-2172

Thomas Graf reported a typo in the IPV4 protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
The DECnet counterpart of this issue was already fixed in DSA-1356.

CVE-2007-2875

iDefense reported a potential integer underflow in the cpuset filesystem
which may permit local attackers to gain access to sensitive kernel
memory. This vulnerability is only exploitable if the cpuset filesystem
is mounted.

CVE-2007-3105

The PaX Team discovered a potential buffer overflow in the random number
generator which may permit local users to cause a denial of service or
gain additional privileges. This issue is not believed to affect default
Debian installations where only root has sufficient privileges to exploit
it.

CVE-2007-3843

A coding error in the CIFS subsystem permits the use of unsigned messages
even if the client has configured the system to enforce
signing by passing the sec=ntlmv2i mount option. This may allow remote
attackers to spoof CIFS network traffic.

CVE-2007-4308

Alan Cox reported an issue in the aacraid driver that allows unprivileged
local users to make ioctl calls which should be restricted to admin
privileges.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch2.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
 fai-kernels         1.17+etch5
 user-mode-linux     2.6.18-1um-2etch4

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.


[Full-disclosure] [SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-08-15 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1356-1   [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
August 15th, 2007   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525
 CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848
 CVE-2007-3851
 
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1353

Ilja van Sprundel discovered that kernel memory could be leaked via the
Bluetooth setsockopt call due to an uninitialized stack buffer. This
could be used by local attackers to read the contents of sensitive kernel
memory.

CVE-2007-2172

Thomas Graf reported a typo in the DECnet protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
A similar issue exists in the IPV4 protocol handler and will be fixed
in a subsequent update.

CVE-2007-2453

A couple of issues with random number generation were discovered.
Slightly less random numbers resulted from hashing a subset of the
available entropy. Zero-entropy systems were seeded with the same
inputs at boot time, resulting in repeatable series of random numbers.

CVE-2007-2525

Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.

CVE-2007-2876

Vilmos Nebehaj discovered a NULL pointer dereference condition in the
netfilter subsystem. This allows remote systems which communicate using
the SCTP protocol to crash a system by creating a connection with an
unknown chunk type.

CVE-2007-3513

Oliver Neukum reported an issue in the usblcd driver which, by not
limiting the size of write buffers, permits local users with write access
to trigger a DoS by consuming all available memory.

CVE-2007-3642

Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of
range checking may lead to NULL pointer dereferences. Remote attackers
could exploit this to create a DoS condition (system crash).

CVE-2007-3848

Wojciech Purczynski discovered that pdeath_signal was not being reset
properly under certain conditions which may allow local users to gain
privileges by sending arbitrary signals to suid binaries.

CVE-2007-3851
 
Dave Airlie reported that Intel 965 and above chipsets have relocated
their batch buffer security bits. Local X server users may exploit this
to write user data to arbitrary physical memory addresses.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch1.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
 fai-kernels         1.17+etch4
 user-mode-linux     2.6.18-1um-2etch3

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.


[Full-disclosure] [SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities

2007-06-16 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1304-1   [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
June 16th, 2007   http://www.debian.org/security/faq
- --

Package: kernel-source-2.6.8
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2005-4811 CVE-2006-4814 CVE-2006-4623 CVE-2006-5753
 CVE-2006-5754 CVE-2006-5757 CVE-2006-6053 CVE-2006-6056
 CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958
 CVE-2007-1357 CVE-2007-1592

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. 

This update also fixes a regression in the smbfs subsystem, introduced in
DSA-1233, which caused symlinks to be interpreted as regular files.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2005-4811

David Gibson reported an issue in the hugepage code which could permit
a local DoS (system crash) on appropriately configured systems.

CVE-2006-4814

Doug Chapman discovered a potential local DoS (deadlock) in the mincore
function caused by improper lock handling.

CVE-2006-4623

Ang Way Chuang reported a remote DoS (crash) in the dvb driver which
can be triggered by a ULE package with an SNDU length of 0.

CVE-2006-5753

Eric Sandeen provided a fix for a local memory corruption vulnerability
resulting from a misinterpretation of return values when operating on
inodes which have been marked bad.

CVE-2006-5754

Darrick Wong discovered a local DoS (crash) vulnerability resulting from
the incorrect initialization of "nr_pages" in aio_setup_ring().

CVE-2006-5757

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted iso9660 filesystem.

CVE-2006-6053

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext3 filesystem.

CVE-2006-6056

LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted hfs filesystem on
systems with SELinux hooks enabled (Debian does not enable SELinux by
default).

CVE-2006-6060

LMH reported a potential local DoS (infinite loop) which could be exploited
by a malicious user with the privileges to mount and read a corrupted NTFS
filesystem.

CVE-2006-6106

Marcel Holtman discovered multiple buffer overflows in the Bluetooth
subsystem which can be used to trigger a remote DoS (crash) and potentially
execute arbitrary code.

CVE-2006-6535

Kostantin Khorenko discovered an invalid error path in dev_queue_xmit()
which could be exploited by a local user to cause data corruption.

CVE-2007-0958

Santosh Eraniose reported a vulnerability that allows local users to read
otherwise unreadable files by triggering a core dump while using PT_INTERP.
This is related to CVE-2004-1073.

CVE-2007-1357

Jean Delvare reported a vulnerability in the appletalk subsystem.
Systems with the appletalk module loaded can be triggered to crash
by other systems on the local network via a malformed frame.

CVE-2007-1592

Masayuki Nakagawa discovered that flow labels were inadvertently
being shared between listening sockets and child sockets. This defect
can be exploited by local users to cause a DoS (Oops).

The following matrix explains which kernel version for which architecture
fixes the problems mentioned above:

                              Debian 3.1 (sarge)
 Source                       2.6.8-16sarge7
 Alpha architecture           2.6.8-16sarge7
 AMD64 architecture           2.6.8-16sarge7
 HP Precision architecture    2.6.8-6sarge7
 Intel IA-32 architecture     2.6.8-16sarge7
 Intel IA-64 architecture     2.6.8-14sarge7
 Motorola 680x0 architecture  2.6.8-4sarge7
 PowerPC architecture         2.6.8-12sarge7
 IBM S/390 architecture       2.6.8-5sarge7
 Sun Sparc architecture       2.6.8-15sarge7

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.


[Full-disclosure] [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service

2007-06-07 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- ---
Debian Security Advisory DSA 1299-1   [EMAIL PROTECTED]
http://www.debian.org/security/   dann frazier
June 7th, 2007   http://www.debian.org/security/faq
- ---

Package: ipsec-tools
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID : CVE-2007-2524


It was discovered that a specially-crafted packet sent to the racoon
ipsec key exchange server could cause a tunnel to crash, resulting in
a denial of service.

The oldstable distribution (sarge) isn't affected by this problem.

For the stable distribution (etch) this problem has been fixed in
version 1:0.6.6-3.1.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your racoon package.



[Full-disclosure] [SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-05-03 Thread Dann Frazier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1286-1   [EMAIL PROTECTED]
http://www.debian.org/security/   Dann Frazier
May 2nd, 2007   http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-0005

Daniel Roethlisberger discovered two buffer overflows in the cm4040
driver for the Omnikey CardMan 4040 device. A local user or malicious
device could exploit this to execute arbitrary code in kernel space.

CVE-2007-0958

Santosh Eraniose reported a vulnerability that allows local users to read
otherwise unreadable files by triggering a core dump while using PT_INTERP.
This is related to CVE-2004-1073.

CVE-2007-1357

Jean Delvare reported a vulnerability in the appletalk subsystem.
Systems with the appletalk module loaded can be triggered to crash
by other systems on the local network via a malformed frame.

CVE-2007-1592

Masayuki Nakagawa discovered that flow labels were inadvertently
being shared between listening sockets and child sockets. This defect
can be exploited by local users to cause a DoS (Oops).

These problems have been fixed in the stable distribution in version
2.6.18.dfsg.1-12etch1.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
 fai-kernels         1.17etch1
 user-mode-linux     2.6.18-1um-2etch1

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Updated packages for the mips and mipsel architectures are not yet available.
They will be provided later.


[Full-disclosure] [SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities

2006-12-18 Thread Dann Frazier
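-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1237-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                             Dann Frazier
December 17th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------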

Package: kernel-source-2.4.27
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID : CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174
 CVE-2006-5649 CVE-2006-5871
 

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-4093

Olof Johansson reported a local DoS (Denial of Service) vulnerability
on the PPC970 platform. Unprivileged users can hang the system by
executing the "attn" instruction, which was not being disabled at boot.

CVE-2006-4538

Kirill Korotaev reported a local DoS (Denial of Service) vulnerability
on the ia64 and sparc architectures. A user could cause the system to
crash by executing a malformed ELF binary due to insufficient verification
of the memory layout.

CVE-2006-4997

ADLab Venustech Info Ltd reported a potential remote DoS (Denial of
Service) vulnerability in the IP over ATM subsystem. A remote system
could cause the system to crash by sending specially crafted packets
that would trigger an attempt to free an already-freed pointer
resulting in a system crash.

CVE-2006-5174

Martin Schwidefsky reported a potential leak of sensitive information
on s390 systems. The copy_from_user function did not clear the remaining
bytes of the kernel buffer after receiving a fault on the userspace
address, resulting in a leak of uninitialized kernel memory. A local user
could exploit this by appending to a file from a bad address.
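
The pattern behind CVE-2006-5174 above, as an added user-space illustration
that is not part of the advisory and not kernel code: a copy that stops at a
fault leaves the destination's old contents in place unless the tail is
cleared. The struct, function names and sample bytes are constructed for
this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a user buffer: only the first `readable` bytes can
 * be read; anything past them stands in for a faulting address. */
struct user_src { const unsigned char *data; size_t readable; };

/* Flawed pattern: stop at the fault, leave the rest of dst untouched.
 * Returns the number of bytes NOT copied. */
static size_t copy_in_flawed(unsigned char *dst, const struct user_src *src,
                             size_t n)
{
    size_t ok = n < src->readable ? n : src->readable;
    memcpy(dst, src->data, ok);
    return n - ok;
}

/* Corrected pattern: same contract, but the uncopied tail is zeroed. */
static size_t copy_in_fixed(unsigned char *dst, const struct user_src *src,
                            size_t n)
{
    size_t ok = n < src->readable ? n : src->readable;
    memcpy(dst, src->data, ok);
    memset(dst + ok, 0, n - ok);
    return n - ok;
}

typedef size_t (*copy_fn)(unsigned char *, const struct user_src *, size_t);

/* A caller that ignores the short-copy result and passes the whole buffer
 * on, as a write path would. Returns how many stale bytes it exposes. */
static size_t stale_exposed(copy_fn copy)
{
    static const unsigned char user[4] = { 'd', 'a', 't', 'a' };
    struct user_src src = { user, sizeof user };
    unsigned char kbuf[16];
    size_t i, stale = 0;
    memset(kbuf, 0xAA, sizeof kbuf);  /* 0xAA marks leftover "kernel" data */
    copy(kbuf, &src, sizeof kbuf);    /* faults after 4 of 16 bytes */
    for (i = 0; i < sizeof kbuf; i++)
        stale += (kbuf[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("flawed: %zu stale bytes, fixed: %zu stale bytes\n",
           stale_exposed(copy_in_flawed), stale_exposed(copy_in_fixed));
    return 0;
}
```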

CVE-2006-5649

Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service)
vulnerability on powerpc systems.  The alignment exception only
checked the exception table for -EFAULT, not for other errors. This can
be exploited by a local user to cause a system crash (panic).

CVE-2006-5871

Bill Allombert reported that various mount options are ignored by smbfs
when UNIX extensions are enabled. This includes the uid, gid and mode
options. Client systems would silently use the server-provided settings
instead of honoring these options, changing the security model. This
update includes a fix from Haroldo Gamal that forces the kernel to honor
these mount options. Note that, since the current versions of smbmount
always pass values for these options to the kernel, it is not currently
possible to activate unix extensions by omitting mount options. However,
this behavior is currently consistent with the current behavior of the
next Debian release, 'etch'.

The following matrix explains which kernel version for which architecture
fixes the problems mentioned above:

                             Debian 3.1 (sarge)
 Source                      2.4.27-10sarge5
 Alpha architecture          2.4.27-10sarge5
 ARM architecture            2.4.27-2sarge5
 Intel IA-32 architecture    2.4.27-10sarge5
 Intel IA-64 architecture    2.4.27-10sarge5
 Motorola 680x0 architecture 2.4.27-3sarge5
 Big endian MIPS             2.4.27-10.sarge4.040815-2
 Little endian MIPS          2.4.27-10.sarge4.040815-2
 PowerPC architecture        2.4.27-10sarge5
 IBM S/390 architecture      2.4.27-2sarge5
 Sun Sparc architecture      2.4.27-9sarge5

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                             Debian 3.1 (sarge)
 fai-kernels                 1.9.1sarge5
 kernel-image-2.4.27-speakup 2.4.27-1.1sarge4
 mindi-kernel                2.4.27-2sarge4
 systemimager                3.2.3-6sarge4

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/L