[kernel-sec-discuss] r2054 - dsa-texts

Micah Anderson micah at alioth.debian.org
Fri Nov 26 19:49:40 UTC 2010


Author: micah
Date: 2010-11-26 19:49:40 +0000 (Fri, 26 Nov 2010)
New Revision: 2054

Modified:
   dsa-texts/2.6.26-26lenny1
Log:
standardize format justification

Modified: dsa-texts/2.6.26-26lenny1
===================================================================
--- dsa-texts/2.6.26-26lenny1	2010-11-26 19:47:49 UTC (rev 2053)
+++ dsa-texts/2.6.26-26lenny1	2010-11-26 19:49:40 UTC (rev 2054)
@@ -18,10 +18,9 @@
                  CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
 Debian Bug(s)  :
                  
-Several vulnerabilities have been discovered in the Linux kernel that
-may lead to a privilege escalation, denial of service or information leak.
-The Common Vulnerabilities and Exposures project identifies the following
-problems:
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a privilege escalation, denial of service or information leak.  The Common
+Vulnerabilities and Exposures project identifies the following problems:
 
 CVE-2010-2963
 
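Review bot: the reflowed intro paragraph now has two spaces after the period in "information leak.  The Common", while the CVE entries use a single space after a period (for example "io_submit system call. Local users"). Pick one sentence-spacing convention for the whole advisory, since the stated goal of the commit is a standardized format. The whitespace-only context line under "Debian Bug(s)  :" could be trimmed in the same pass.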
@@ -33,8 +32,8 @@
 
 CVE-2010-3067
 
-    Tavis Ormandy discovered an issue in the io_submit system call. Local
-    users can cause an integer overflow resulting in a denial of service.
+    Tavis Ormandy discovered an issue in the io_submit system call. Local users
+    can cause an integer overflow resulting in a denial of service.
 
 CVE-2010-3296
 
@@ -54,34 +53,33 @@
 
 CVE-2010-3432
 
-    Thomas Dreibholz discovered an issue in the SCTP protocol that permits
-    a remote user to cause a denial of service (kernel panic).
+    Thomas Dreibholz discovered an issue in the SCTP protocol that permits a
+    remote user to cause a denial of service (kernel panic).
 
 CVE-2010-3437
 
     Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
-    permission to open /dev/pktcdvd/control can obtain the contents of
-    sensitive kernel memory or cause a denial of service. By default on
-    Debian systems, this access is restricted to members of the group 'cdrom'.
+    permission to open /dev/pktcdvd/control can obtain the contents of sensitive
+    kernel memory or cause a denial of service. By default on Debian systems,
+    this access is restricted to members of the group 'cdrom'.
 
 CVE-2010-3442
 
-    Dan Rosenberg discovered an issue in the ALSA sound system. Local users
-    with permission to open /dev/snd/controlC0 can create an integer overflow
+    Dan Rosenberg discovered an issue in the ALSA sound system. Local users with
+    permission to open /dev/snd/controlC0 can create an integer overflow
     condition that causes a denial of service. By default on Debian systems,
     this access is restricted to members of the group 'audio'.
 
 CVE-2010-3448
 
     Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
-    Thinkpad systems, local users can cause a denial of service (X.org crash)
-    by reading /proc/acpi/ibm/video.
+    Thinkpad systems, local users can cause a denial of service (X.org crash) by
+    reading /proc/acpi/ibm/video.
 
 CVE-2010-3477
 
-    Jeff Mahoney discovered an issue in the Traffic Policing (act_police)
-    module that allows local users to obtain the contents of sensitive kernel
-    memory.
+    Jeff Mahoney discovered an issue in the Traffic Policing (act_police) module
+    that allows local users to obtain the contents of sensitive kernel memory.
 
 CVE-2010-3705
 
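Review bot: the new fill width is a full 80 columns; in the CVE-2010-3437 entry the added line ending in "the contents of sensitive" is exactly 80 characters before the diff prefix. Advisory text this wide wraps as soon as it is quoted with "> " in a mail reply, so a narrower fill (for example 72 columns) would keep the text intact when it is quoted or indented.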
@@ -92,14 +90,14 @@
 CVE-2010-3848
 
     Nelson Elhage discovered an issue in the Econet protocol. Local users can
-    cause a stack overflow condition with large msg->msgiovlen values that
-    can result in a denial of service or privilege escalation.
+    cause a stack overflow condition with large msg->msgiovlen values that can
+    result in a denial of service or privilege escalation.
 
 CVE-2010-3849
 
     Nelson Elhage discovered an issue in the Econet protocol. Local users can
-    cause a denial of service (oops) if a NULL remote addr value is passed
-    as a parameter to sendmsg().
+    cause a denial of service (oops) if a NULL remote addr value is passed as a
+    parameter to sendmsg().
 
 CVE-2010-3850
 
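Review bot: in the CVE-2010-3848 entry the reflow carries over "msg->msgiovlen" unchanged; the field in struct msghdr is msg_iovlen, so the text should read "msg->msg_iovlen". Since the paragraph is being touched anyway, fix the identifier here so readers searching the source for it get a match.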
@@ -109,15 +107,15 @@
 
 CVE-2010-3858
 
-    Brad Spengler reported an issue in the setup_arg_pages() function. Due to
-    a bounds-checking failure, local users can create a denial of service
-    (kernel oops).
+    Brad Spengler reported an issue in the setup_arg_pages() function. Due to a
+    bounds-checking failure, local users can create a denial of service (kernel
+    oops).
 
 CVE-2010-3859
 
-    Dan Rosenberg reported an issue in the TIPC protocol. When the tipc
-    module is loaded, local users can gain elevated privileges via the
-    sendmsg() system call.
+    Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module
+    is loaded, local users can gain elevated privileges via the sendmsg() system
+    call.
 
 CVE-2010-3873
 
@@ -132,24 +130,24 @@
 
 CVE-2010-3875
 
-    Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users
-    can obtain the contents of sensitive kernel memory.
+    Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users can
+    obtain the contents of sensitive kernel memory.
 
 CVE-2010-3876
 
-    Vasiliy Kulikov discovered an issue in the Packet protocol. Local users
-    can obtain the contents of sensitive kernel memory.
+    Vasiliy Kulikov discovered an issue in the Packet protocol. Local users can
+    obtain the contents of sensitive kernel memory.
 
 CVE-2010-3877
 
-    Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users
-    can obtain the contents of sensitive kernel memory.
+    Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users can
+    obtain the contents of sensitive kernel memory.
 
 CVE-2010-3880
 
     Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users
-    can cause the kernel to execute unaudited INET_DIAG bytecode, resulting
-    in a denial of service.
+    can cause the kernel to execute unaudited INET_DIAG bytecode, resulting in a
+    denial of service.
 
 CVE-2010-4072
 
@@ -176,30 +174,29 @@
 
 CVE-2010-4079
 
-    Dan Rosenberg reported an issue in the ivtvfb driver used for the
-    Hauppauge PVR-350 card. Local users with access to the framebuffer
-    device can obtain the contents of sensitive kernel memory via the
-    FBIOGET_VBLANK ioctl.
+    Dan Rosenberg reported an issue in the ivtvfb driver used for the Hauppauge
+    PVR-350 card. Local users with access to the framebuffer device can obtain
+    the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.
     
 CVE-2010-4080
 
-    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
-    DSP audio devices. Local users with access to the audio device can
-    obtain the contents of sensitive kernel memory via the
-    SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
+    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP
+    audio devices. Local users with access to the audio device can obtain the
+    contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO
+    ioctl.
 
 CVE-2010-4081
 
-    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall
-    DSP MADI audio devices. Local users with access to the audio device can
-    obtain the contents of sensitive kernel memory via the
+    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP
+    MADI audio devices. Local users with access to the audio device can obtain
+    the contents of sensitive kernel memory via the
     SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.
 
 CVE-2010-4083
 
-    Dan Rosenberg discovered an issue in the semctl system call. Local users
-    can obtain the contents of sensitive kernel memory through usage of the
-    semid_ds structure.
+    Dan Rosenberg discovered an issue in the semctl system call. Local users can
+    obtain the contents of sensitive kernel memory through usage of the semid_ds
+    structure.
 
 CVE-2010-4164
 
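Review bot: the CVE-2010-4080 (Hammerfall DSP) and CVE-2010-4081 (Hammerfall DSP MADI) entries both name SNDRV_HDSP_IOCTL_GET_CONFIG_INFO even though they describe two different drivers. Please confirm the ioctl name in the MADI entry against the driver source before this text goes out, rather than reflowing it as is. The context line after the CVE-2010-4079 entry also still contains only trailing whitespace, which this formatting pass could remove.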
@@ -207,14 +204,13 @@
     can achieve a denial of service (infinite loop) by taking advantage of an
     integer underflow in the facility parsing code.
 
-For the stable distribution (lenny), this problem has been fixed in
-version 2.6.26-26lenny1.
+For the stable distribution (lenny), this problem has been fixed in version
+2.6.26-26lenny1.
 
-We recommend that you upgrade your linux-2.6 and user-mode-linux
-packages.
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
 
-The following matrix lists additional source packages that were
-rebuilt for compatibility with or to take advantage of this update:
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
 
                                              Debian 5.0 (lenny)
      user-mode-linux                         2.6.26-1um-2+26lenny1
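Review bot: the closing paragraph keeps "this problem has been fixed in version 2.6.26-26lenny1", but the intro says "Several vulnerabilities" and "the following problems". Suggest "these problems have been fixed" so the fix statement clearly covers every CVE listed above.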
