[Technik] [SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities
Noèl Köthe
noel at debian.org
Sun Dec 10 22:41:33 CET 2006
On Sunday, 10.12.2006 at 22:06 +0100, Dann Frazier wrote:
> Debian Security Advisory DSA 1233-1 security at debian.org
> http://www.debian.org/security/ Dann Frazier
> December 10th, 2006 http://www.debian.org/security/faq
>
> Package : kernel-source-2.6.8
> Vulnerability : several
> Problem-Type : local/remote
> Debian-specific: no
> CVE ID : CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997
> CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751
> CVE-2006-5871
linux kernel-image updated on cree and cupa.
On the other systems we use self-built kernels.
> The following matrix explains which kernel version for which architecture
> fix the problems mentioned above:
>
> Debian 3.1 (sarge)
> Intel IA-32 architecture 2.6.8-16sarge6
changelog:
kernel-image-2.6.8-i386 (2.6.8-16sarge6) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge6:
    * perfmon-fd-refcnt.dpatch
      [SECURITY][ia64] Fix file descriptor leak in perfmonctl
      system call which could be used as a local denial of service attack
      by depleting the system of file descriptors
      See CVE-2006-3741
    * ia64-sparc-cross-region-mappings.dpatch
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * __block_prepare_write-recovery.dpatch
      [SECURITY] Fix an information leak in __block_prepare_write()
      See CVE-2006-4813
    * atm-clip-freed-skb-deref.dpatch
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * ip6_flowlabel-lockup.dpatch
      [SECURITY] Fix local DoS attack vector (lockups, oopses) in the
      sequence handling for /proc/net/ip6_flowlabel
      See CVE-2006-5619
    * ppc-alignment-exception-table-check.dpatch
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * s390-uaccess-memleak.dpatch
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * smbfs-honor-mount-opts.dpatch
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled
      See CVE-2006-5871
    * bridge-get_fdb_entries-overflow.dpatch
      Protect against possible overflow in get_fdb_entries
      See CVE-2006-5751

 -- dann frazier <dannf at debian.org> Tue, 5 Dec 2006 02:18:31 -0700

--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org