[kernel-sec-discuss] r2051 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Fri Nov 26 18:57:10 UTC 2010


Author: dannf
Date: 2010-11-26 18:57:07 +0000 (Fri, 26 Nov 2010)
New Revision: 2051

Added:
   dsa-texts/2.6.26-26lenny1
Log:
new draft

Copied: dsa-texts/2.6.26-26lenny1 (from rev 2043, dsa-texts/2.6.26-25lenny1)
===================================================================
--- dsa-texts/2.6.26-26lenny1	                        (rev 0)
+++ dsa-texts/2.6.26-26lenny1	2010-11-26 18:57:07 UTC (rev 2051)
@@ -0,0 +1,258 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           dann frazier
+November XX, 2010                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
+                 CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
+                 CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
+                 CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859
+                 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876
+                 CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
+                 CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
+                 CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
+Debian Bug(s)  :
+                 
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information leak.
+The Common Vulnerabilities and Exposures project identifies the following
+problems:
+
+CVE-2010-2963
+
+    Kees Cook discovered an issue in v4l 32-bit compatibility layer for
+    64-bit systems that allows local users with /dev/video write permission
+    to overwrite arbitrary kernel memory, potentially leading to a privelege
+    escalation. On Debian systems, access to /dev/video devices is restricted
+    to members of the 'video' group by default.
+
+CVE-2010-3067
+
+    Tavis Ormandy discovered an issue in the io_submit system call. Local
+    users can cause an intenger overflow resulting in a denial of service.
+
+CVE-2010-3296
+
+    Dan Rosenberg discovered an issue in the cxgb network driver that allows
+    unprivileged users to obtain the contents of sensitive kernel memory.
+
+CVE-2010-3297
+
+    Dan Rosenberg discovered an issue in the eql network driver that allows
+    local users to obtain the contents of sensitive kernel memory.
+
+CVE-2010-3310
+
+    Dan Rosenberg discovered an issue in the ROSE socket implementation. On
+    systems with a rose device, local users can cause a denial of service
+    (kernel memory corruption).
+
+CVE-2010-3432
+
+    Thomas Dreibholz discovered an issue in the SCTP protocol that permits
+    a remote user to cause a denial of service (kernel panic).
+
+CVE-2010-3437
+
+    Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
+    permission to open /dev/pktcdvd/control can obtain the contents of
+    sensitive kernel memory or cause a denial of service. By default on
+    Debian systems, this access is restricted to members of the group 'cdrom'.
+
+CVE-2010-3442
+
+    Dan Rosenberg discovered an issue in the ALSA sound system. Local users
+    with permission to open /dev/snd/controlC0 can create an integer overflow
+    condition that causes a denial of service. By default on Debian systems,
+    this access is restricted to members of the group 'audio'.
+
+CVE-2010-3448
+
+    Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
+    Thinkpad systems, local users can cause a denial of service (X.org crash)
+    by reading /proc/acpi/ibm/video.
+
+CVE-2010-3477
+
+    Jeff Mahoney discovered an issue in the Traffic Policing (act_police)
+    module that allows local users to obtain the contents of sensitive kernel
+    memory.
+
+CVE-2010-3705
+
+    Dan Rosenberg reported an issue in the HMAC processing code in the SCTP
+    protocol that allows remote users to create a denial of service (memory
+    corruption).
+
+CVE-2010-3848
+
+    Nelson Elhage discovered an issue in the Econet protocol. Local users can
+    cause a stack overflow condition with large msg->msgiovlen values that
+    can result in a denial of service or privilege escalation.
+
+CVE-2010-3849
+
+    Nelson Elhage discovered an issue in the Econet protocol. Local users can
+    cause a denial of service (oops) if a NULL remote addr value is passed
+    as a parameter to sendmsg().
+
+CVE-2010-3850
+
+    Nelson Elhage of Ksplice discovered an issue in the Econet protocol. Local
+    users can assign econet addresses to arbitrary interfaces due to a missing
+    capabilities check.
+
+CVE-2010-3858
+
+    Brad Spengler reported an issue in the setup_arg_pages() function. Due to
+    a bounds-checking failure, local users can create a denial of service
+    (kernel oops).
+
+CVE-2010-3859
+
+    Dan Rosenberg reported an issue in the TIPC protocol. When the tipc
+    module is loaded, local users can gain elevated privileges via the
+    sendmsg() system call.
+
+CVE-2010-3873
+
+    Dan Rosenberg reported an issue in the X.25 network protocol. Local users
+    can cause heap corruption, resulting in a denial of service (kernel panic).
+
+CVE-2010-3874
+
+    Dan Rosenberg discovered an issue in the Control Area Network (CAN)
+    subsystem on 64-bit systems. Local users maybe able to cause a denial
+    of service (heap corruption).
+
+CVE-2010-3875
+
+    Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users
+    can obtain the contents of sensitive kernel memory.
+
+CVE-2010-3876
+
+    Vasiliy Kulikov discovered an issue in the Packet protocol. Local users
+    can obtain the contents of sensitive kernel memory.
+
+CVE-2010-3877
+
+    Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users
+    can obtain the contents of sensitive kernel memory.
+
+CVE-2010-3880
+
+    Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users
+    can cause the kernel to execute unaudited INET_DIAG bytecode, resulting
+    in a denial of service.
+
+CVE-2010-4072
+
+    Kees Cook discovered an issue in the System V shared memory subsystem.
+    Local users can obtain the contents of sensitive kernel memory.
+
+CVE-2010-4073
+
+    Dan Rosenberg discovered an issue in the System V shared memory subsystem.
+    Local users on 64-bit system can obtain the contents of sensitive kernel
+    memory via the 32-bit compatible semctl() system call.
+
+CVE-2010-4074
+
+    Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB
+    serial converter devices. Local users with access to these devices can
+    obtain the contents of sensitive kernel memory.
+
+CVE-2010-4078
+
+    Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics
+    chipesets (sisfb). Local users with access to the framebuffer device can
+    obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.
+
+CVE-2010-4079
+
+    Dan Rosenberg reported an issue in the ivtvfb driver used for the
+    Hauppauge PVR-350 card. Local users with access to the framebuffer
+    device can obtain the contents of sensitive kernel memory via the
+    FBIOGET_VBLANK ioctl.
+    
+CVE-2010-4080
+
+    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
+    DSP audio devices.  Local users with access to the audio device can
+    obtain the contents of sensitive kernel memory via the
+    SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
+
+CVE-2010-4081
+
+    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
+    DSP MADI audio devices.  Local users with access to the audio device can
+    obtain the contents of sensitive kernel memory via the
+    SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
+
+CVE-2010-4083
+
+    Dan Rosenberg discovered an issue in the semctl system call. Local users
+    can obtain the contents of sensitive kernel memory through usage of the
+    semid_ds structure.
+
+CVE-2010-4164
+
+    Dan Rosenberg discoverd an issue in the X.25 network protocol. Remote users
+    can achieve a denial of service (infinite loop) by taking advantage of an
+    integer underflow in the facility parsing code.
+
+For the stable distribution (lenny), this problem has been fixed in
+version 2.6.26-26lenny1.
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux
+packages.
+
+The following matrix lists additional source packages that were
+rebuilt for compatibility with or to take advantage of this update:
+
+                                             Debian 5.0 (lenny)
+     user-mode-linux                         2.6.26-1um-2+26lenny1
+
+Upgrade instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
+Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel,
+powerpc, and sparc. Updates for other architectures will be released as they
+become available.
+
+Source archives:
+
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
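
Review bot: The CVE-2010-4073 entry places the leak in the "System V shared memory subsystem" but names the 32-bit compatible semctl() call, which is the semaphore control interface, so the subsystem wording should be checked against the fix before release. In the CVE-2010-3848 entry the field is written msg->msgiovlen; the struct msghdr member is msg_iovlen. Spelling to fix: "privelege" (CVE-2010-2963), "intenger" (CVE-2010-3067), "chipesets" (CVE-2010-4078), "discoverd" (CVE-2010-4164), and "maybe able" should read "may be able" (CVE-2010-3874). The closing paragraph says "this problem has been fixed" although 31 CVE ids are listed; "these problems have been fixed" matches the text. CVE-2010-3850 credits "Nelson Elhage of Ksplice" while the other two Econet entries credit "Nelson Elhage"; pick one form. Placeholders still open in this draft: DSA-XXXX-1, November XX, the empty "Debian Bug(s)" field, "wget url", and the empty "Source archives:" section.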



