[Technik] [SECURITY] [DSA 1592-2] New Linux 2.6.18 packages fix overflow conditions
Noèl Köthe
noel at debian.org
Fri Jun 13 22:23:28 CEST 2008
Am Montag, den 09.06.2008, 11:15 -0600 schrieb dann frazier:
> Debian Security Advisory DSA-1592-2 security at debian.org
> http://www.debian.org/security/ dann frazier
> Jun 09, 2008 http://www.debian.org/security/faq
>
> Package : linux-2.6
> Vulnerability : heap overflow
> Problem type : local/remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-1673 CVE-2008-2358
linux 2.6.18 auf yuki, cree und yuma aktualisiert und die zwei letzteren
rebootet.
> For the stable distribution (etch), this problem has been fixed in
> version 2.6.18.dfsg.1-18etch6.
changelog:
linux-2.6 (2.6.18.dfsg.1-18etch6) stable-security; urgency=high
* bugfix/dccp-feature-length-check.patch
[SECURITY] Validate feature length to avoid heap overflow
See CVE-2008-2358
* bugfix/asn1-ber-decoding-checks.patch
[SECURITY] Validate lengths in ASN.1 decoding code to avoid
heap overflow
See CVE-2008-1673
-- dann frazier <dannf at debian.org> Thu, 05 Jun 2008 22:36:07 -0600
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080613/276ae8b7/attachment.pgp
More information about the Technik
mailing list