[kernel-sec-discuss] r1179 - dsa-texts
dannf at alioth.debian.org
dannf at alioth.debian.org
Mon Jun 9 06:03:35 UTC 2008
Author: dannf
Date: 2008-06-09 06:03:34 +0000 (Mon, 09 Jun 2008)
New Revision: 1179
Added:
dsa-texts/2.6.18.dfsg.1-18etch6
Log:
new dsa text
Copied: dsa-texts/2.6.18.dfsg.1-18etch6 (from rev 1173, dsa-texts/2.6.18.dfsg.1-18etch5)
===================================================================
--- dsa-texts/2.6.18.dfsg.1-18etch6 (rev 0)
+++ dsa-texts/2.6.18.dfsg.1-18etch6 2008-06-09 06:03:34 UTC (rev 1179)
@@ -0,0 +1,80 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-1592-1 security at debian.org
+http://www.debian.org/security/ dann frazier
+Jun 08, 2008 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : heap overflow
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2008-1673 CVE-2008-2358
+
+Two vulnerabilities have been discovered in the Linux kernel that may
+lead to a denial of service or arbitrary code execution. The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2008-1673
+
+ Wei Wang from McAfee reported a potential heap overflow in the ASN.1
+ decode code that is used by the SNMP NAT and CIFS subsystems.
+ Exploitation of this issue may lead to arbitrary code execution. Note
+ that this issue is not believed to be exploitable with the pre-built
+ kernel images provided by Debian, but it might be an issue for custom
+ images built from the Debian-provided source package.
+
+CVE-2008-2358
+
+ Brandon Edwards of McAfee Avert labs discovered an issue in the
+ DCCP subsystem. Due to missing feature length checks it is possible
+ to cause an overflow they may result in remote arbitrary code execution.
+
+For the stable distribution (etch), this problem has been fixed in version
+2.6.18.dfsg.1-18etch6.
+
+The linux-2.6/mipsel build was not yet available at the time of this advisory.
+This advisory will be updated when this this build becomes available.
+
+We recommend that you upgrade your linux-2.6, fai-kernels, and
+user-mode-linux packages.
+
+Upgrade instructions
+--------------------
+
+wget url
+ will fetch the file for you
+dpkg -i file.deb
+ will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+ will update the internal database
+apt-get upgrade
+ will install corrected packages
+
+The following matrix lists additional source packages that were rebuilt for
+compatability with or to take advantage of this update:
+
+ Debian 4.0 (etch)
+ fai-kernels 1.17+etch.18etch6
+ user-mode-linux 2.6.18-1um-2etch.18etch6
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390 and sparc.
+
+
+ These changes will probably be included in the stable distribution on
+ its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
More information about the kernel-sec-discuss
mailing list