[kernel-sec-discuss] r2499 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Tue Sep 20 03:17:06 UTC 2011


Author: dannf
Date: 2011-09-20 03:17:05 +0000 (Tue, 20 Sep 2011)
New Revision: 2499

Added:
   dsa-texts/2.6.26-26lenny4
Log:
new text


Copied: dsa-texts/2.6.26-26lenny4 (from rev 2496, dsa-texts/2.6.26-26lenny3)
===================================================================
--- dsa-texts/2.6.26-26lenny4	                        (rev 0)
+++ dsa-texts/2.6.26-26lenny4	2011-09-20 03:17:05 UTC (rev 2499)
@@ -0,0 +1,143 @@
+-------------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                   security at debian.org
+http://www.debian.org/security/                              dann frazier
+September 20, 2011                     http://www.debian.org/security/faq
+-------------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
+                 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
+                 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
+                 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
+Debian Bug     : 633738
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a privilege escalation, denial of service or information leak.  The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+[*]CVE-2009-4067
+
+    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in auerswald
+    module, a driver for Auerswald PBX/System Telephone USB devices.
+    Attackers with physical access to a system's USB ports could obtain
+    elevated privileges using a specially crafted USB device.
+
+[*]CVE-2011-0712
+
+    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
+    module, a USB driver for Native Instruments USB audio devices. Attackers
+    with physical access to a system's USB ports could obtain elevated
+    privileges using a specially crafted USB device.
+
+CVE-2011-1020
+
+    Kees Cook discovered an issue in the /proc filesystem that allows local
+    users to gain access to sensitive process information after execution of a
+    setuid binary.
+
+[*]CVE-2011-2209
+
+    Dan Rosenberg discovered an issue in the osf_sysinfo() system call on
+    the alpha architecture. Local users could obtain access to sensitive
+    kernel memory.
+    
+[*]CVE-2011-2211
+
+    Dan Rosenberg discovered an issue in the osf_wait4() system call on the
+    alpha architecture permitting local users to gain elevated privileges.
+
+[*]CVE-2011-2213
+
+    Dan Rosenberg discovered an issue in the INET socket monitoring interface.
+    Local users could cause a denial of service by injecting code and causing
+    the kernel to execute an infinite loop.
+
+CVE-2011-2484
+
+    Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
+    a process can register is not capped, resulting in local denial of service
+    through resource exhaustion (cpu time and memory).
+
+CVE-2011-2491
+
+    Vasily Averin discovered an issue with the NFS locking implementation.  A
+    malicious NFS server can cause a client to hang indefinitely in an unlock
+    call.
+
+CVE-2011-2492
+
+    Marek Kroemeke and Filip Palian discovered that uninitialized struct
+    elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
+    memory through leaked stack memory.
+
+CVE-2011-2495
+
+    Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
+    directory was world-readable, resulting in local information disclosure of
+    information such as password lengths.
+
+CVE-2011-2496
+
+    Robert Swiecki discovered that mremap() could be abused for local denial of
+    service by triggering a BUG_ON assert.
+
+CVE-2011-2497
+
+    Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
+    which could lead to denial of service or privilege escalation.
+
+CVE-2011-2525
+
+    Ben Pfaff reported an issue in the network scheduling code. A local user
+    could cause a denial of service (NULL pointer dereference) by sending a
+    specially crafted netlink message.
+
+CVE-2011-2928
+
+    Timo Warns discovered that insufficient validation of Be filesystem images
+    could lead to local denial of service if a malformed filesystem image is
+    mounted.
+
+CVE-2011-3188
+
+    Dan Kaminsky reported a weakness of the sequence number generation in the
+    TCP protocol implementation. This can be used by remote attackers to inject
+    packets into an active session.
+
+CVE-2011-3191
+
+    Darren Lavender reported an issue in the Common Internet File System (CIFS).
+    A malicious file server could cause memory corruption leading to a denial of
+    service.
+
+This update also includes a fix for a regression introduced with the previous
+security fix for CVE-2011-1768 (Debian: #633738)
+
+For the oldstable distribution (lenny), this problem has been fixed in
+version 2.6.26-26lenny4.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 5.0 (lenny)
+     user-mode-linux                         2.6.26-1um-2+26lenny4
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+These updates will not become active until after your system is rebooted.
+
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org




More information about the kernel-sec-discuss mailing list