[Technik] [SECURITY] [DSA 1184-1] New Linux 2.6.8 packages fix several vulnerabilities

Noèl Köthe noel at debian.org
Wed Sep 27 08:38:18 CEST 2006


On Monday, 25.09.2006, at 15:48 +0200, Martin Schulze wrote:

> Debian Security Advisory DSA 1184-1                    security at debian.org
> http://www.debian.org/security/                               Dann Frazier
> September 25th, 2006                    http://www.debian.org/security/faq
> 
> Package        : kernel-source-2.6.8
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE IDs        : CVE-2004-2660 CVE-2005-4798 CVE-2006-1052 CVE-2006-1343
>                  CVE-2006-1528 CVE-2006-1855 CVE-2006-1856 CVE-2006-2444
>                  CVE-2006-2446 CVE-2006-2935 CVE-2006-2936 CVE-2006-3468
>                  CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4535
> CERT advisory  : VU#681569
> BugTraq IDs    : 17203 17830 18081 18099 18101 18105 18847 19033 19396
>                  19562 19615 19666 20087

Linux kernel 2.6.8 has been updated on cupa, cree and crow.
cupa has also already been rebooted.
The other servers (pima, pomo, yuma, cusa, kiowa, karuk, kansa and
acoma) run kernels that we built ourselves and are still to be
updated.

> The following matrix explains which kernel version for which
> architecture fixes the problem mentioned above:

>     Intel IA-32 architecture         2.6.8-16sarge5

changelog:
kernel-image-2.6.8-i386 (2.6.8-16sarge5) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge5:
    * [ERRATA] madvise_remove-restrict.dpatch
      [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.6.8 is not
      vulnerable to CVE-2006-1524 the madvise_remove issue.
      See CVE-2006-2071
    * fs-ext3-bad-nfs-handle.dpatch
      [SECURITY] James McKenzie discovered a Denial of Service vulnerability
      in the NFS driver. When exporting an ext3 file system over NFS, a remote
      attacker could exploit this to trigger a file system panic by sending
      a specially crafted UDP packet.
      See CVE-2006-3468
    * direct-io-write-mem-leak.dpatch
      [SECURITY] Fix memory leak in O_DIRECT write.
      See CVE-2004-2660
    * nfs-handle-long-symlinks.dpatch
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * cdrom-bad-cgc.buflen-assign.dpatch
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * usb-serial-ftdi_sio-dos.patch
      [SECURITY] fix userspace DoS in ftdi_sio driver
      See CVE-2006-2936
    * selinux-tracer-SID-fix.dpatch
      [SECURITY] Fix vulnerability in selinux_ptrace that prevents local
      users from changing the tracer SID to the SID of another process
      See CVE-2006-1052
    * netfilter-SO_ORIGINAL_DST-leak.dpatch
      [SECURITY] Fix information leak in SO_ORIGINAL_DST
      See CVE-2006-1343
    * sg-no-mmap-VM_IO.dpatch
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * exit-bogus-bugon.dpatch
      [SECURITY] Remove bogus BUG() in exit.c which could be maliciously
      triggered by a local user
      See CVE-2006-1855
    * readv-writev-missing-lsm-check.dpatch,
      readv-writev-missing-lsm-check-compat.dpatch
      [SECURITY] Add missing file_permission callback in readv/writev syscalls
      See CVE-2006-1856
    * snmp-nat-mem-corruption-fix.dpatch
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * kfree_skb-race.dpatch
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * hppa-mb-extraneous-semicolon.dpatch,
      sparc32-mb-extraneous-semicolons.dpatch,
      sparc64-mb-extraneous-semicolons.dpatch:
      Fix a syntax error caused by extraneous semicolons in smp_mb() macros
      which resulted in a build failure with kfree_skb-race.dpatch
    * sctp-priv-elevation.dpatch
      [SECURITY] Fix SCTP privilege escalation
      See CVE-2006-3745
    * sctp-priv-elevation-2.dpatch
      [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch
      See CVE-2006-4535
    * ppc-hid0-dos.dpatch
      [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093
    * udf-deadlock.dpatch
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145

 -- dann frazier <dannf at debian.org>  Mon,  4 Sep 2006 09:53:06 -0600

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org