[kernel-sec-discuss] r538 - patch-tracking/dsa-texts
Moritz Muehlenhoff
jmm at costa.debian.org
Mon Aug 14 18:44:05 UTC 2006
Author: jmm
Date: 2006-08-14 18:44:04 +0000 (Mon, 14 Aug 2006)
New Revision: 538
Added:
patch-tracking/dsa-texts/2.6.8-sarge5
Log:
first stub for next DSA.
Added: patch-tracking/dsa-texts/2.6.8-sarge5
===================================================================
--- patch-tracking/dsa-texts/2.6.8-sarge5 2006-08-14 06:35:41 UTC (rev 537)
+++ patch-tracking/dsa-texts/2.6.8-sarge5 2006-08-14 18:44:04 UTC (rev 538)
@@ -0,0 +1,79 @@
+--------------------------------------------------------------------------
+Debian Security Advisory DSA XXX-1 security at debian.org
+http://www.debian.org/security/ Dann Frazier, Troy Heber
+XXXXX 8th, 2006 http://www.debian.org/security/faq
+--------------------------------------------------------------------------
+
+Package : kernel-source-2.6.8
+Vulnerability : several
+Problem-Type : local/remote
+Debian-specific: no
+CVE ID : CVE-2006-3468
+
+Several local and remote vulnerabilities have been discovered in the Linux
+kernel that may lead to a denial of service or the execution of arbitrary
+code. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2006-3468
+
+ James McKenzie discovered a vulnerability in the NFS subsystem, allowing
+ remote denial of service if an ext3 filesystem is exported.
+
+The following matrix explains which kernel version for which architecture
+fix the problems mentioned above:
+
+ Debian 3.1 (sarge)
+ Source 2.6.8-16sarge5
+ Alpha architecture 2.6.8-16sarge5
+ AMD64 architecture 2.6.8-16sarge5
+ HP Precision architecture 2.6.8-6sarge5
+ Intel IA-32 architecture 2.6.8-16sarge5
+ Intel IA-64 architecture 2.6.8-14sarge5
+ Motorola 680x0 architecture 2.6.8-4sarge5
+ PowerPC architecture 2.6.8-12sarge5
+ IBM S/390 architecture 2.6.8-5sarge5
+ Sun Sparc architecture 2.6.8-15sarge5
+
+The following matrix lists additional packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 3.1 (sarge)
+ fai-kernels 1.9.1sarge4
+
+We recommend that you upgrade your kernel package immediately and reboot
+the machine. If you have built a custom kernel from the kernel source
+package, you will need to rebuild to take advantage of these fixes.
+
+Upgrade Instructions
+--------------------
+
+wget url
+ will fetch the file for you
+dpkg -i file.deb
+ will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+ will update the internal database
+apt-get upgrade
+ will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+
+Debian GNU/Linux 3.1 alias sarge
+--------------------------------
+
+
+ These files will probably be moved into the stable distribution on
+ its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
More information about the kernel-sec-discuss
mailing list