[kernel-sec-discuss] r2489 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Fri Sep 9 22:30:25 UTC 2011 

Author: dannf
Date: 2011-09-09 22:30:24 +0000 (Fri, 09 Sep 2011)
New Revision: 2489

Added:
   dsa-texts/2.6.32-35squeeze2
Log:
Initial draft


Copied: dsa-texts/2.6.32-35squeeze2 (from rev 2486, dsa-texts/2.6.32-35squeeze1)
===================================================================
--- dsa-texts/2.6.32-35squeeze2	                        (rev 0)
+++ dsa-texts/2.6.32-35squeeze2	2011-09-09 22:30:24 UTC (rev 2489)
@@ -0,0 +1,157 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-2303-2                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+September 9, 2011                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
+                 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
+                 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
+                 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
+                 CVE-2011-3188 CVE-2011-3191
+Debian Bug     : 640966
+
+The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a
+regression that can result in an oops during invalid accesses to
+/proc/<pid>/maps files.
+
+
+The text of the original advisory is reproduced for reference:
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2011-1020 
+
+    Kees Cook discovered an issue in the /proc filesystem that allows local
+    users to gain access to sensitive process information after execution of a
+    setuid binary.
+
+CVE-2011-1576 
+
+    Ryan Sweat discovered an issue in the VLAN implementation. Local users may
+    be able to cause a kernel memory leak, resulting in a denial of service.
+
+CVE-2011-2484 
+
+    Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
+    a process can register is not capped, resulting in local denial of service
+    through resource exhaustion (cpu time and memory).
+
+CVE-2011-2491
+
+    Vasily Averin discovered an issue with the NFS locking implementation.  A
+    malicious NFS server can cause a client to hang indefinitely in an unlock
+    call.
+
+CVE-2011-2492 
+
+    Marek Kroemeke and Filip Palian discovered that uninitialized struct
+    elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
+    memory through leaked stack memory.
+
+CVE-2011-2495 
+
+    Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
+    directory was world-readable, resulting in local information disclosure of
+    information such as password lengths.
+
+CVE-2011-2496 
+
+    Robert Swiecki discovered that mremap() could be abused for local denial of
+    service by triggering a BUG_ON assert.
+
+CVE-2011-2497
+
+    Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
+    which could lead to denial of service or privilege escalation.
+
+CVE-2011-2517 
+
+    It was discovered that the netlink-based wireless configuration interface
+    performed insufficient length validation when parsing SSIDs, resulting in
+    buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
+    denial of service.
+
+CVE-2011-2525 
+
+    Ben Pfaff reported an issue in the network scheduling code. A local user
+    could cause a denial of service (NULL pointer dereference) by sending a
+    specially crafted netlink message.
+
+CVE-2011-2700 
+
+    Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
+    driver for the Si4713 FM Radio Transmitter driver used by N900 devices.
+    Local users could exploit this issue to cause a denial of service or
+    potentially gain elevated privileges.
+
+CVE-2011-2723
+
+    Brent Meshier reported an issue in the GRO (generic receive offload)
+    implementation. This can be exploited by remote users to create a denial of
+    service (system crash) in certain network device configurations.
+
+CVE-2011-2905 
+
+    Christian Ohm discovered that the 'perf' analysis tool searches for its
+    config files in the current working directory. This could lead to denial of
+    service or potential privilege escalation if a user with elevated privileges
+    is tricked into running 'perf' in a directory under the control of the
+    attacker.
+
+CVE-2011-2909 
+
+    Vasiliy Kulikov of Openwall discovered that a programming error in
+    the Comedi driver could lead to the information disclosure through 
+    leaked stack memory.
+
+CVE-2011-2918 
+
+    Vince Weaver discovered that incorrect handling of software event overflows
+    in the 'perf' analysis tool could lead to local denial of service.
+
+CVE-2011-2928
+
+    Timo Warns discovered that insufficient validation of Be filesystem images
+    could lead to local denial of service if a malformed filesystem image is
+    mounted.
+
+CVE-2011-3188 
+
+    Dan Kaminsky reported a weakness of the sequence number generation in the
+    TCP protocol implementation. This can be used by remote attackers to inject
+    packets into an active session.
+
+CVE-2011-3191
+
+    Darren Lavender reported an issue in the Common Internet File System (CIFS).
+    A malicious file server could cause memory corruption leading to a denial of
+    service.
+
+This update also includes a fix for a regression introduced with the previous
+security fix for CVE-2011-1768 (Debian: #633738)
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-35squeeze1. Updates for issues impacting the oldstable distribution
+(lenny) will be available soon.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 6.0 (squeeze)
+     user-mode-linux                         2.6.32-1um-4+35squeeze1
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
+

More information about the kernel-sec-discuss mailing list