[kernel-sec-discuss] r1749 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Fri Feb 26 01:01:48 UTC 2010 

Author: dannf
Date: 2010-02-26 01:01:37 +0000 (Fri, 26 Feb 2010)
New Revision: 1749

Added:
   dsa-texts/2.6.24-6~etchnhalf.9etch3
Log:
new text

Copied: dsa-texts/2.6.24-6~etchnhalf.9etch3 (from rev 1746, dsa-texts/2.6.24-6~etchnhalf.9etch1)
===================================================================
--- dsa-texts/2.6.24-6~etchnhalf.9etch3	                        (rev 0)
+++ dsa-texts/2.6.24-6~etchnhalf.9etch3	2010-02-26 01:01:37 UTC (rev 1749)
@@ -0,0 +1,172 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+February XX, 2010                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6.24
+Vulnerability  : privilege escalation/denial of service/sensitive memory leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
+                 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
+                 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
+                 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410
+                 CVE-2010-0415 CVE-2010-0622
+
+NOTE: This kernel update marks the final planned kernel security
+update for the 2.6.24 kernel in the Debian release 'etch'.
+Although security support for 'etch' officially ended on
+Feburary 15th, 2010, this update was already in preparation
+before that date.
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service, sensitive memory leak or privilege
+escalation.  The Common Vulnerabilities and Exposures project
+identifies the following problems:
+
+CVE-2009-2691
+
+    Steve Beattie and Kees Cook reported an information leak in the
+    maps and smaps files available under /proc. Local users maybe
+    able to read this data for setuid processes while the ELF binary
+    is being loaded.
+
+CVE-2009-2695
+
+    Eric Paris provided several fixes to increase the protection
+    provided by the mmap_min_addr tunable against NULL pointer
+    dereference vulnerabilities.
+
+CVE-2009-3080
+
+    Dave Jones reported an issue in the gdth SCSI driver. A missing
+    check for negative offsets in an ioctl call could be exploited by
+    local users to create a denial of service or potentially gain
+    elevated privileges.
+
+CVE-2009-3726
+
+    Trond Myklebust reported an issue where a malicious NFS server
+    could cause a denial of service condition on its clients by
+    returning incorrect attributes during an open call.
+
+CVE-2009-3889
+
+    Joe Malicki discovered an issue in the megaraid_sas driver.
+    Insufficient permissions on the sysfs dbg_lvl interface allow
+    local users to modify the debug logging behavior.
+
+CVE-2009-4005
+
+    Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
+    driver for Colognechip HFC-S USB chip. A potential read overflow
+    exists which may allow remote users to cause a denial of service
+    condition (oops).
+
+CVE-2009-4020
+
+    Amerigo Wang discovered an issue in the HFS filesystem that would
+    allow a denial of service by a local user who has sufficient
+    privileges to mount a specially crafted filesystem.
+    
+CVE-2009-4021
+
+    Anana V. Avati discovered an issue in the fuse subsystem. If the
+    system is sufficiently low on memory, a local user can cause the
+    kernel to dereference an invalid pointer resulting in a denial of
+    service (oops) and potentially an escalation of privileges.
+
+CVE-2009-4138
+
+    Jay Fenlason discovered an issue in the firewire stack that allows
+    local users to cause a denial of service (oops or crash) by making
+    a specially crafted ioctl call.
+
+CVE-2009-4308
+
+    Ted Ts'o discovered an issue in the ext4 filesystem that allows
+    local users to cause a denial of service (NULL pointer dereference).
+    For this to be exploitable, the local user must have sufficient
+    privileges to mount a filesystem.
+
+CVE-2009-4536 & CVE-2009-4538
+
+    Fabian Yamaguchi reported issues in the e1000 and e1000e drivers
+    for Intel gigabit network adapters which allow remote users to
+    bypass packet filters using specially crafted ethernet frames.
+    
+CVE-2010-0003
+
+    Andi Kleen reported a defect which allows local users to gain read
+    access to memory reachable by the kernel when the
+    print-fatal-signals option is enabled. This option is disabled by
+    default.
+
+CVE-2010-0007
+
+    Florian Westphal reported a lack of capability checking in the
+    ebtables netfilter subsystem. If the ebtables module is loaded,
+    local users can add and modify ebtables rules.
+
+CVE-2010-0291
+
+    Al Viro reported several issues with the mmap/mremap system calls
+    that allow local users to cause a denial of service (system panic)
+    or obtain elevated privileges.
+
+CVE-2010-0410
+
+     Sebastian Krahmer discovered an issue in the netlink connector
+     subsystem that permits local users to allocate large amounts of
+     system memory resulting in a denial of service (out of memory).
+
+CVE-2010-0415
+
+    Ramon de Carvalho Valle discovered an issue in the sys_move_pages
+    interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
+    Local users can exploit this issue to cause a denial of service
+    (system crash) or gain access to sensitive kernel memory.
+
+CVE-2010-0622
+
+    Jermome Marchand reported an issue in the futex subsystem that
+    allows a local user to force an invalid futex state which results
+    in a denial of service (oops).
+
+For the oldstable distribution (etch), this problem has been fixed in
+version 2.6.24-6~etchnhalf.9etch3.
+
+We recommend that you upgrade your linux-2.6.24 packages.
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 4.0 alias etch
+-------------------------------
+
+
+  These changes will probably be included in the oldstable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

More information about the kernel-sec-discuss mailing list