[Technik] [SECURITY] [DSA 1381-2] New Linux 2.6.18 packages fix several vulnerabilities

Noèl Köthe noel at debian.org
Sat Oct 20 13:51:37 CEST 2007 

Am Freitag, den 12.10.2007, 17:54 -0600 schrieb dann frazier:

> Debian Security Advisory DSA 1381-2                    security at debian.org
> http://www.debian.org/security/                               Dann Frazier
> October 12th, 2007                      http://www.debian.org/security/faq
> 
> Package        : linux-2.6
> Vulnerability  : several
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093

> This is an update to DSA-1381-1 which included only amd64 binaries for
> linux-2.6. Builds for all other architectures are now available, as well as
> rebuilds of ancillary packages that make use of the included linux source.

yuma und cree (beide i386) aktualisiert und rebootet.

changelog:
linux-2.6 (2.6.18.dfsg.1-13etch4) stable-security; urgency=high

  [ Bastian Blank ]
  * bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
    [SECURITY] Zero extend all registers after ptrace in 32-bit entry path
    (Xen).
    See CVE-2007-4573
  * bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
    [SECURITY] Don't leak NT bit into next task (Xen).
    See CVE-2006-5755

  [ dann frazier ]
  * bugfix/hugetlb-prio_tree-unit-fix.patch
    [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
    which could be used to trigger a BUG_ON() call in exit_mmap.
    See CVE-2007-4133
  * bugfix/usb-pwc-disconnect-block.patch
    [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
    If userspace still has the device open it can result, the driver would
    wait for the device to close, blocking the USB subsystem.
    See CVE-2007-5093

 -- dann frazier <dannf at debian.org>  Tue, 02 Oct 2007 14:26:18 -0600

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20071020/d5bba312/attachment.pgp

More information about the Technik mailing list