[kernel-sec-discuss] r1246 - dsa-texts

dannf at alioth.debian.org dannf at alioth.debian.org
Thu Oct 16 18:05:21 UTC 2008 

Author: dannf
Date: 2008-10-16 18:05:20 +0000 (Thu, 16 Oct 2008)
New Revision: 1246

Added:
   dsa-texts/2.6.24-6~etchnhalf.6
Log:
new draft

Copied: dsa-texts/2.6.24-6~etchnhalf.6 (from rev 1245, dsa-texts/2.6.24-6~etchnhalf.5)
===================================================================
--- dsa-texts/2.6.24-6~etchnhalf.6	                        (rev 0)
+++ dsa-texts/2.6.24-6~etchnhalf.6	2008-10-16 18:05:20 UTC (rev 1246)
@@ -0,0 +1,78 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           dann frazier
+Oct 16, 2008                        http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6.24
+Vulnerability  : denial of service/information leak/privilege escalation
+Problem type   : local
+Debian-specific: no
+CVE Id(s)      : CVE-2008-1514 CVE-2008-3525 CVE-2008-3831 CVE-2008-4113
+                 CVE-2008-4445
+
+Several vulnerabilities have been discovered in the Linux kernel that may
+lead to a denial of service or leak sensitive data. The Common Vulnerabilities
+and Exposures project identifies the following problems:
+
+CVE-2008-1514
+
+    Jan Kratochvil reported a local denial of service vulnerability in
+    the ptrace interface for the s390 architecture. Local users can
+    trigger an invalid pointer dereference, leading to a system panic.
+
+CVE-2008-3525
+
+    Eugene Teo reported a lack of capability checks in the kernel
+    driver for Granch SBNI12 leased line adapters (sbni), allowing
+    local users to perform privileged operations.
+
+CVE-2008-3831
+
+    Olaf Kirch discovered an issue with the i915 driver that may
+    allow local users to cause memory corruption by use of an
+    ioctl with insufficient privilege restrictions.
+
+CVE-2008-4113
+CVE-2008-4445
+
+    Eugene Teo discovered two issues in the SCTP subsystem which allow
+    local users to obtain access to sensitive memory when the SCTP-AUTH
+    extension is enabled.
+
+For the stable distribution (etch), these problems have been fixed in
+version 2.6.24-6~etchnhalf.6.
+
+We recommend that you upgrade your linux-2.6.24 packages.
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+
+  These changes will probably be included in the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

More information about the kernel-sec-discuss mailing list