[kernel-sec-discuss] r1460 - dsa-texts

Sun Aug 16 15:53:59 UTC 2009

Author: dannf
Date: 2009-08-16 15:53:59 +0000 (Sun, 16 Aug 2009)
New Revision: 1460

Added:
   dsa-texts/2.6.24-6~etchnhalf.8etch3
Log:
new text

Copied: dsa-texts/2.6.24-6~etchnhalf.8etch3 (from rev 1458, dsa-texts/2.6.24-6~etchnhalf.8etch2)
===================================================================

--- dsa-texts/2.6.24-6~etchnhalf.8etch3	                        (rev 0)
+++ dsa-texts/2.6.24-6~etchnhalf.8etch3	2009-08-16 15:53:59 UTC (rev 1460)
@@ -0,0 +1,69 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+Aug 16, 2009                       http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6.24
+Vulnerability  : privilege escalation
+Problem type   : local
+Debian-specific: no
+CVE Id(s)      : CVE-2009-2692
+
+A vulnerability has been discovered in the Linux kernel that may lead
+to privilege escalation. The Common Vulnerabilities and Exposures project
+identifies the following problem:
+
+CVE-2009-2692
+
+    Tavis Ormandy and Julien Tinnes discovered an issue with how the
+    sendpage function is initialized in the proto_ops structure.
+    Local users can exploit this vulnerability to gain elevated
+    privileges.
+
+For the stable distribution (etch), these problems have been fixed in
+version 2.6.24-6~etchnhalf.8etch3.
+
+We recommend that you upgrade your linux-2.6.24 packages.
+
+Note: Debian 'etch' includes linux kernel packages based upon both the
+2.6.18 and 2.6.24 linux releases.  All known security issues are
+carefully tracked against both packages and both packages will receive
+security updates until security support for Debian 'etch'
+concludes. However, given the high frequency at which low-severity
+security issues are discovered in the kernel and the resource
+requirements of doing an update, lower severity 2.6.18 and 2.6.24
+updates will typically release in a staggered or "leap-frog" fashion.
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
+
+  These changes will probably be included in the oldstable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


