[Technik] [SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues

Noèl Köthe noel at debian.org
Sun Feb 24 22:33:46 CET 2008 

Am Freitag, den 22.02.2008, 14:27 -0700 schrieb dann frazier:

> Debian Security Advisory DSA-1504                  security at debian.org
> http://www.debian.org/security/                           dann frazier
> February 22, 2008                   http://www.debian.org/security/faq
> 
> Package        : kernel-source-2.6.8 (2.6.8-17sarge1)
> Vulnerability  : several
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203
>                  CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105
>                  CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133
>                  CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063
>                  CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007

Linux Kernel 2.6.8 auf unserem sarge Rechner cupa aktualisiert und rebootet.

> The following matrix lists additional packages that were rebuilt for
> compatibility with or to take advantage of this update:
> 
>                                  Debian 3.1 (sarge)

>      kernel-image-2.6.8-i386     2.6.8-17sarge1

changelog:
kernel-image-2.6.8-i386 (2.6.8-17sarge1) oldstable-security; urgency=high

  * Rebuild against kernel-tree-2.6.8-17sarge1
    * compat_sys_mount-NULL-data_page.dpatch
      [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
      See CVE-2006-7203
    * pppoe-socket-release-mem-leak.dpatch
      [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
      after connect but before PPPIOCGCHAN ioctl is called upon it
      See CVE-2007-2525
    * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
      [SECURITY] Fix out of bounds condition in dn_fib_props[]
      See CVE-2007-2172
    * aacraid-ioctl-perm-check.dpatch
      [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
      See CVE-2007-4308
    * reset-pdeathsig-on-suid.dpatch
      [SECURITY] Fix potential privilege escalation caused by improper
      clearing of the child process' pdeath signal.
      See CVE-2007-3848
    * bluetooth-l2cap-hci-info-leaks.dpatch
      [SECURITY] Fix information leaks in setsockopt() implementations
      See CVE-2007-1353
    * coredump-only-to-same-uid.dpatch
      [SECURITY] Fix an issue where core dumping over a file that
      already exists retains the ownership of the original file
      See CVE-2007-6206
    * i4l-isdn_ioctl-mem-overrun.dpatch
      [SECURITY] Fix potential isdn ioctl memory overrun
      See CVE-2007-6151
    * cramfs-check-block-length.dpatch
      [SECURITY] Add a sanity check of the block length in cramfs_readpage to
      avoid a potential oops condition
      See CVE-2006-5823
    * ext2-skip-pages-past-num-blocks.dpatch
      [SECURITY] Add some sanity checking for a corrupted i_size in
      ext2_find_entry()
      See CVE-2006-6054
    * minixfs-printk-hang.dpatch
      [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
      filesystem that would otherwise cause a system to hang (printk storm)
      See CVE-2006-6058
    * isdn-net-overflow.dpatch
      [SECURITY] Fix potential overflows in the ISDN subsystem
      See CVE-2007-6063
    * prevent-stack-growth-into-hugetlb-region.dpatch
      [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
      into address space reserved for hugetlb pages.
      See CVE-2007-3739
    * cifs-honor-umask.dpatch
      [SECURITY] Make CIFS honor a process' umask
      See CVE-2007-3740
    * hugetlb-prio_tree-unit-fix.dpatch
      [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
      which could be used to trigger a BUG_ON() call in exit_mmap.
      See CVE-2007-4133
    * amd64-zero-extend-32bit-ptrace.dpatch
      [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
      See CVE-2007-4573
    * usb-pwc-disconnect-block.dpatch
      [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
      If userspace still has the device open it can result, the driver would
      wait for the device to close, blocking the USB subsystem.
      See CVE-2007-5093
    * powerpc-chrp-null-deref.dpatch
      [SECURITY][powerpc] Fix NULL pointer dereference if get_property
      fails on the subarchitecture
      See CVE-2007-6694
    * random-bound-check-ordering.dpatch
      [SECURITY] Fix stack-based buffer overflow in the random number
      generator
      See CVE-2007-3105
    * mmap-VM_DONTEXPAND.dpatch
      [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
      a fault handler but do not bounds check the offset argument
      See CVE-2008-0007

 -- dann frazier <dannf at debian.org>  Tue, 19 Feb 2008 20:34:23 -0700

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080224/29be60d2/attachment.pgp

More information about the Technik mailing list