[kernel-sec-discuss] r1535 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Wed Oct 21 06:56:08 UTC 2009
Author: dannf
Date: 2009-10-21 06:56:06 +0000 (Wed, 21 Oct 2009)
New Revision: 1535
Added:
dsa-texts/2.6.26-19lenny1
Log:
new text
Copied: dsa-texts/2.6.26-19lenny1 (from rev 1534, dsa-texts/2.6.26-17lenny2)
===================================================================
--- dsa-texts/2.6.26-19lenny1 (rev 0)
+++ dsa-texts/2.6.26-19lenny1 2009-10-21 06:56:06 UTC (rev 1535)
@@ -0,0 +1,147 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security at debian.org
+http://www.debian.org/security/ dann frazier
+October 21, 2009 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service/sensitive memory leak
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909
+ CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286
+ CVE-2009-3290 CVE-2009-3613
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service, sensitive memory leak or privilege escalation.
+The Common Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2009-2695
+
+ Eric Paris provided several fixes to increase the protection
+ provided by the mmap_min_addr tunable against NULL pointer
+ dereference vulnerabilities.
+
+ Unless your system needs to run applications that require mapping low
+ addresses (such as wine or dosemu), it is recommended to increase
+ the value of mmap_min_addr to protect against NULL pointer exploits.
+ This can be configured using the procps package:
+ # echo "vm.mmap_min_addr = 32768" > /etc/sysctl.d/mmap_min_addr.conf
+ # /etc/init.d/procps restart
+
+CVE-2009-2903
+
+ Mark Smith discovered a memory leak in the appletalk implementation.
+ When the appletalk and ipddp modules are loaded, but no ipddp"N" device is
+ found, remote attackers can cause a denial of service by consuming
+ large amounts of system memory.
+
+CVE-2009-2908
+
+ Loïc Minier discovered an issue in the eCryptfs filesystem. A local
+ user can cause a denial of service (kernel oops) by causing a dentry
+ value to go negative.
+
+CVE-2009-2909
+
+ Arjan van de Ven discovered an issue in the AX.25 protocol
+ implementation. A specially crafted call to setsockopt() can
+ result in a denial of service (kernel oops).
+
+CVE-2009-2910
+
+ Jan Beulich discovered the existence of a sensitive kernel memory
+ leak. Systems running the 'amd64' kernel do not properly sanitize
+ registers for 32-bit processes.
+
+CVE-2009-3001
+
+ Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC
+ implementation. This is not exploitable in the Debian lenny kernel as root
+ privileges are required to exploit this issue.
+
+CVE-2009-3002
+
+ Eric Dumazet fixed several sensitive memory leaks in the IrDA,
+ X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area
+ Network (CAN) implementations. Local users can exploit these issues
+ to gain access to kernel memory.
+
+CVE-2009-3286
+
+ Eric Paris discovered an issue with the NFSv4 server implementation.
+ When an O_EXCL create fails, files may be left with corrupted
+ permissions, possibly granting unintenional privileges to other
+ local users.
+
+CVE-2009-3290
+
+ Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM
+ does not prevent access to MMU hypercalls from ring 0, which allows
+ local guest OS users to cause a denial of service (guest kernel crash)
+ and read or write guest kernel memory.
+
+CVE-2009-3613
+
+ Alistair Strachan reported an issue in the r8169 driver. Remote users
+ can cause a denial of service (IOMMU space exhaustion and system crash)
+ by transmitting a large amount of jumbo frames.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.6.26-19lenny1.
+
+For the oldstable distribution (etch), these problems, where
+applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux
+packages.
+
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
+Upgrade instructions
+--------------------
+
+wget url
+ will fetch the file for you
+dpkg -i file.deb
+ will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+ will update the internal database
+apt-get upgrade
+ will install corrected packages
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 5.0 (lenny)
+ user-mode-linux 2.6.26-1um-2+19lenny1
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
+Stable updates are currently available for alpha, arm, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, sparc, and s390.
+
+XXXX
+
+ These changes will probably be included in the stable distribution on
+ its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
More information about the kernel-sec-discuss
mailing list