[kernel-sec-discuss] r2357 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Sat Jun 18 23:23:03 UTC 2011


Author: dannf
Date: 2011-06-18 23:23:02 +0000 (Sat, 18 Jun 2011)
New Revision: 2357

Modified:
   dsa-texts/2.6.26-26lenny3
Log:
flesh out

Modified: dsa-texts/2.6.26-26lenny3
===================================================================
--- dsa-texts/2.6.26-26lenny3	2011-06-18 23:11:14 UTC (rev 2356)
+++ dsa-texts/2.6.26-26lenny3	2011-06-18 23:23:02 UTC (rev 2357)
@@ -1,7 +1,7 @@
 -------------------------------------------------------------------------
-Debian Security Advisory DSA-XXXX-1                   security at debian.org
+Debian Security Advisory DSA-2264-1                   security at debian.org
 http://www.debian.org/security/                              dann frazier
-June XX, 2011                          http://www.debian.org/security/faq
+June 18, 2011                          http://www.debian.org/security/faq
 -------------------------------------------------------------------------
 
 Package        : linux-2.6
@@ -175,9 +175,9 @@
 
 CVE-2011-1493
 
-    Dan Rosenburg reported two issues in the Linux implementation of the Amateur
-    Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service
-    by providing specially crafted facilities fields.
+    Dan Rosenburg reported two issues in the Linux implementation of the
+    Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of
+    service by providing specially crafted facilities fields.
 
 CVE-2011-1577
 
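Review bot: the credit on the first added line of the CVE-2011-1493 entry still reads "Dan Rosenburg"; since the paragraph is being re-wrapped anyway, please verify the spelling of the reporter's name against the original report before publication. The entry also says "two issues" but gives a single impact sentence, so consider stating whether both issues have the same denial-of-service impact via the facilities fields.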
@@ -206,10 +206,10 @@
 CVE-2011-1746
 
     Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
-    Local users can obtain elevated privileges or cause a denial of service due
-    to missing bounds checking in the agp_allocate_memory and
-    agp_create_user_memory. On default Debian installations, this is exploitable
-    only by users in the video group.
+    Local users can obtain elevated privileges or cause a denial of service
+    due to missing bounds checking in the agp_allocate_memory and
+    agp_create_user_memory. On default Debian installations, this is
+    exploitable only by users in the video group.
 
 CVE-2011-1748
 
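Review bot: in the re-wrapped CVE-2011-1746 text, "missing bounds checking in the agp_allocate_memory and agp_create_user_memory." is missing its noun. Suggest "in the agp_allocate_memory and agp_create_user_memory functions" (or drop "the") so the sentence parses, as this wording carries over unchanged from the removed lines.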
@@ -226,8 +226,8 @@
 CVE-2011-1767
 
     Alexecy Dobriyan reported an issue in the GRE over IP implementation.
-    Remote users can cause a denial of service by sending a packet during module
-    initialization.
+    Remote users can cause a denial of service by sending a packet during
+    module initialization.
 
 CVE-2011-1768
 
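Review bot: the unchanged context line of the CVE-2011-1767 entry credits "Alexecy Dobriyan", which looks like a typo in the given name; please check the spelling and correct it in the same pass as this re-wrap. It would also help readers to say which module's initialization is meant, since the entry only says "during module initialization".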
@@ -239,8 +239,8 @@
 
     Timo Warns reported an issue in the Linux implementation for GUID
     partitions. Users with physical access can gain access to sensitive kernel
-    memory by adding a storage device with a specially crafted corrupted invalid
-    partition table.
+    memory by adding a storage device with a specially crafted corrupted
+    invalid partition table.
 
 CVE-2011-2022
 
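Review bot: the re-wrapped sentence keeps the redundant phrase "specially crafted corrupted invalid partition table"; three stacked modifiers say the same thing. Suggest reducing it to "a specially crafted partition table" while touching these lines.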
@@ -254,8 +254,9 @@
     Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above)
     that made it insufficient to resolve the issue.
 
-For the stable distribution (lenny), this problem has been fixed in
-version 2.6.26-26lenny2.
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.6.26-26lenny3. Updates for arm and hppa are not yet available,
+but will be released as soon as possible.
 
 The following matrix lists additional source packages that were rebuilt for
 compatibility with or to take advantage of this update:
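Review bot: the added line "For the oldstable distribution (lenny), this problem has been fixed in" uses the singular "this problem" although the advisory lists many CVE entries; suggest "these problems have been fixed in version 2.6.26-26lenny3". The note about arm and hppa is good to have; consider saying that a follow-up announcement will be made when those builds are available, so users on those architectures know what to watch for.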
@@ -264,9 +265,15 @@
      user-mode-linux                         2.6.26-1um-2+26lenny3
 
 We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+These updates will not become active until after your system is rebooted.
 
-Note that these updates will not become active until after your system is
-rebooted.
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
 
 Further information about Debian Security Advisories, how to apply
 these updates to your system and frequently asked questions can be
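Review bot: in the added note, "linux kernel package" is lower-case while the CVE entries elsewhere in the text write "Linux"; suggest "Linux kernel package" for consistency. Also hyphenate "lower priority issues" as "lower-priority issues" to match "low-severity" two lines above it.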



