[Technik] Re: [SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix
several vulnerabilities
Noèl Köthe
noel at debian.org
Thu May 17 14:39:03 CEST 2007
Am Mittwoch, den 02.05.2007, 21:37 +0200 schrieb Dann Frazier:
> Debian Security Advisory DSA 1286-1 security at debian.org
> http://www.debian.org/security/ Dann Frazier
> May 2nd, 2007 http://www.debian.org/security/faq
>
> Package : linux-2.6
> Vulnerability : several
> Problem-Type : local/remote
> Debian-specific: no
> CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592
Linux kernel 2.6.18 (etch) auf cree und yuma aktualisiert und beide
Rechner wurde rebootet.
> This problem has been fixed in the stable distribution in version
> 2.6.18.dfsg.1-12etch1.
linux-2.6 (2.6.18.dfsg.1-12etch1) stable-security; urgency=high
* bugfix/core-dump-unreadable-PT_INTERP.patch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* bugfix/appletalk-length-mismatch.patch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon bugfix/appletalk-endianness-annotations.patch
See CVE-2007-1357
* bugfix/cm4040-buffer-overflow.patch
[SECURITY] Fix a buffer overflow in the Omnikey CardMan 4040 driver
See CVE-2007-0005
* bugfix/ipv6_fl_socklist-no-share.patch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
-- dann frazier <dannf at debian.org> Sun, 08 Apr 2007 16:52:59 -0600
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070517/a603866c/attachment.pgp
More information about the Technik
mailing list