[Technik] [SECURITY] [DSA 1363-1] New Linux 2.6.18 packages fix several vulnerabilities

Noèl Köthe noel at debian.org
Mon Sep 3 17:47:30 CEST 2007 

Am Freitag, den 31.08.2007, 17:33 -0600 schrieb dann frazier:

> Debian Security Advisory DSA 1363-1                    security at debian.org
> http://www.debian.org/security/                               Dann Frazier
> August 31st, 2007                       http://www.debian.org/security/faq
> 
> Package        : linux-2.6
> Vulnerability  : several
> Problem-Type   : local/remote
> Debian-specific: no
> CVE ID         : CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843
>                  CVE-2007-4308

linux-2.6 kernel auf cree und yuma aktualisiert und Server rebootet.

> These problems have been fixed in the stable distribution in version 
> 2.6.18.dfsg.1-13etch2.

changelog:
linux-2.6 (2.6.18.dfsg.1-13etch2) stable-security; urgency=high

  * bugfix/ipv4-fib_props-out-of-bounds.patch
    [SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
    and check for out of bounds condition in index provided by userspace
    See CVE-2007-2172
  * bugfix/cpuset_tasks-underflow.patch
    [SECURITY] Fix integer underflow in /dev/cpuset/tasks which could allow
    local attackers to read sensitive kernel memory if the cpuset filesystem
    is mounted.
    See CVE-2007-2875
  * bugfix/random-bound-check-ordering.patch
    [SECURITY] Fix stack-based buffer overflow in the random number
    generator
    See CVE-2007-3105
  * bugfix/cifs-fix-sign-settings.patch
    [SECURITY] Fix overriding the server to force signing on caused by
    checking the wrong gloal variable.
    See CVE-2007-3843
  * bugfix/aacraid-ioctl-perm-check.patch
    [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
    See CVE-2007-4308

 -- dann frazier <dannf at debian.org>  Mon, 27 Aug 2007 23:29:31 -0600

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070903/3f519727/attachment.pgp

More information about the Technik mailing list