[kernel-sec-discuss] r1536 - dsa-texts
Micah Anderson
micah at alioth.debian.org
Wed Oct 21 13:41:58 UTC 2009
Author: micah
Date: 2009-10-21 13:41:58 +0000 (Wed, 21 Oct 2009)
New Revision: 1536
Modified:
dsa-texts/2.6.26-19lenny1
Log:
fixed unintentional typo, justified text
Modified: dsa-texts/2.6.26-19lenny1
===================================================================
--- dsa-texts/2.6.26-19lenny1 2009-10-21 06:56:06 UTC (rev 1535)
+++ dsa-texts/2.6.26-19lenny1 2009-10-21 13:41:58 UTC (rev 1536)
@@ -23,25 +23,26 @@
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.
- Unless your system needs to run applications that require mapping low
- addresses (such as wine or dosemu), it is recommended to increase
- the value of mmap_min_addr to protect against NULL pointer exploits.
- This can be configured using the procps package:
+ Unless your system needs to run applications that require mapping
+ low addresses (such as wine or dosemu), it is recommended to
+ increase the value of mmap_min_addr to protect against NULL
+ pointer exploits. This can be configured using the procps
+ package:
# echo "vm.mmap_min_addr = 32768" > /etc/sysctl.d/mmap_min_addr.conf
# /etc/init.d/procps restart
CVE-2009-2903
- Mark Smith discovered a memory leak in the appletalk implementation.
- When the appletalk and ipddp modules are loaded, but no ipddp"N" device is
- found, remote attackers can cause a denial of service by consuming
- large amounts of system memory.
+ Mark Smith discovered a memory leak in the appletalk
+ implementation. When the appletalk and ipddp modules are loaded,
+ but no ipddp"N" device is found, remote attackers can cause a
+ denial of service by consuming large amounts of system memory.
CVE-2009-2908
- Loïc Minier discovered an issue in the eCryptfs filesystem. A local
- user can cause a denial of service (kernel oops) by causing a dentry
- value to go negative.
+ Loïc Minier discovered an issue in the eCryptfs filesystem. A
+ local user can cause a denial of service (kernel oops) by causing
+ a dentry value to go negative.
CVE-2009-2909
@@ -57,36 +58,37 @@
CVE-2009-3001
- Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC
- implementation. This is not exploitable in the Debian lenny kernel as root
- privileges are required to exploit this issue.
+ Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE
+ 802.2 LLC implementation. This is not exploitable in the Debian
+ lenny kernel as root privileges are required to exploit this
+ issue.
CVE-2009-3002
Eric Dumazet fixed several sensitive memory leaks in the IrDA,
X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area
- Network (CAN) implementations. Local users can exploit these issues
- to gain access to kernel memory.
+ Network (CAN) implementations. Local users can exploit these
+ issues to gain access to kernel memory.
CVE-2009-3286
- Eric Paris discovered an issue with the NFSv4 server implementation.
- When an O_EXCL create fails, files may be left with corrupted
- permissions, possibly granting unintenional privileges to other
- local users.
+ Eric Paris discovered an issue with the NFSv4 server
+ implementation. When an O_EXCL create fails, files may be left
+ with corrupted permissions, possibly granting unintentional
+ privileges to other local users.
CVE-2009-3290
Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM
- does not prevent access to MMU hypercalls from ring 0, which allows
- local guest OS users to cause a denial of service (guest kernel crash)
- and read or write guest kernel memory.
+ does not prevent access to MMU hypercalls from ring 0, which
+ allows local guest OS users to cause a denial of service (guest
+ kernel crash) and read or write guest kernel memory.
CVE-2009-3613
- Alistair Strachan reported an issue in the r8169 driver. Remote users
- can cause a denial of service (IOMMU space exhaustion and system crash)
- by transmitting a large amount of jumbo frames.
+ Alistair Strachan reported an issue in the r8169 driver. Remote
+ users can cause a denial of service (IOMMU space exhaustion and
+ system crash) by transmitting a large amount of jumbo frames.
For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-19lenny1.
More information about the kernel-sec-discuss
mailing list