[kernel-sec-discuss] r1204 - dsa-texts

dannf at alioth.debian.org dannf at alioth.debian.org
Thu Aug 21 05:56:04 UTC 2008 

Author: dannf
Date: 2008-08-21 05:56:04 +0000 (Thu, 21 Aug 2008)
New Revision: 1204

Added:
   dsa-texts/2.6.18.dfsg.1-22etch2
Log:
new dsa draft


Added: dsa-texts/2.6.18.dfsg.1-22etch2
===================================================================
--- dsa-texts/2.6.18.dfsg.1-22etch2	                        (rev 0)
+++ dsa-texts/2.6.18.dfsg.1-22etch2	2008-08-21 05:56:04 UTC (rev 1204)
@@ -0,0 +1,111 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           dann frazier
+Aug 21, 2008                        http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2007-6282 CVE-2008-0598 CVE-2008-2729 CVE-2008-2812
+                 CVE-2008-2826 CVE-2008-2931 CVE-2008-3272 CVE-2008-3275
+
+Several vulnerabilities have been discovered in the Linux kernel that may
+lead to a denial of service or arbitrary code execution. The Common
+Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2007-6282
+
+    Dirk Nehring discovered a vulnerability in the IPsec code that allows
+    remote users to cause a denial of service by sending a specially crafted
+    ESP packet.
+
+CVE-2008-0598
+
+    Tavis Ormandy discovered a vulnerability that allows local users to access
+    uninitialized kernel memory, possibly leaking sensitive data. This issue
+    is specific to the amd64-flavour kernel images.
+
+CVE-2008-2729
+
+    Andi Kleen discovered an issue where uninitialized kernel memory
+    was being leaked to userspace during an exception. This issue may allow
+    local users to gain access to sensitive data. Only the amd64-flavour
+    Debian kernel images are affected.
+
+CVE-2008-2812
+
+    Alan Cox discovered an issue in multiple tty drivers that allows
+    local users to trigger a denial of service (NULL pointer dereference)
+    and possibly obtain elevated privileges.
+
+CVE-2008-2826
+
+    Gabriel Campana discovered an integer overflow in the sctp code that
+    can be exploited by local users to cause a denial of service.
+
+CVE-2008-2931
+
+    Miklos Szeredi reported a missing privilege check in the do_change_type()
+    function. This allows local, unprivileged users to change the properties
+    of mount points.
+
+CVE-2008-3272
+
+    Tobias Klein reported a locally exploitable data leak in the
+    snd_seq_oss_synth_make_info() function. This may allow local users
+    to gain access to sensitive information.
+
+CVE-2008-3275
+
+    Zoltan Sogor discovered a coding error in the VFS that allows local users
+    to exploit a kernel memory leak resulting in a denial of service.
+
+For the stable distribution (etch), this problem has been fixed in
+version 2.6.18.dfsg.1-22etch2.
+
+We recommend that you upgrade your linux-2.6, fai-kernels, and
+user-mode-linux packages.
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+The following matrix lists additional source packages that were rebuilt for
+compatability with or to take advantage of this update:
+
+                                             Debian 4.0 (etch)
+     fai-kernels                             1.17+etch.22etch2
+     user-mode-linux                         2.6.18-1um-2etch.22etch2
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
+
+
+  These changes will probably be included in the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

More information about the kernel-sec-discuss mailing list