[kernel] r5347 - patch-tracking/dsa-texts

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Jan 8 14:09:34 UTC 2006 

Author: jmm-guest
Date: Sun Jan  8 14:09:33 2006
New Revision: 5347

Added:
   patch-tracking/dsa-texts/
   patch-tracking/dsa-texts/2.6.8-sarge2
Log:
Add the preliminary DSA advisory text, proof-reading and spell-checking welcome.


Added: patch-tracking/dsa-texts/2.6.8-sarge2
==============================================================================
--- (empty file)
+++ patch-tracking/dsa-texts/2.6.8-sarge2	Sun Jan  8 14:09:33 2006
@@ -0,0 +1,197 @@
+Subject: New XXXXXXXX packages fix XXXXXXXXXXXXXXXXXXXXXXXXX
+
+--------------------------------------------------------------------------
+Debian Security Advisory DSA XXX-1                     security at debian.org
+http://www.debian.org/security/                             Martin Schulze
+XXXXX 8th, 2005                         http://www.debian.org/security/faq
+--------------------------------------------------------------------------
+
+Package        : kernel-source-2.6.8
+Vulnerability  : several
+Problem-Type   : local/remote XXX
+Debian-specific: no
+CVE ID         : 
+Debian Bug     : 
+
+Several local and remote vulnerabilities have been discovered in the Linux
+kernel that may lead to a denial of service or the execution of arbitrary
+code. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2005-0449
+    
+    An error in the skb_checksum_help() function from the netfilter framework
+    has been discovered that allows the bypass of packet filter rules or
+    a denial of service attack.
+
+CVE-2005-2457
+
+    Tim Yamin discovered that insufficient input validation in the zisofs driver
+    for compressed ISO file systems allows a denial of service attack through
+    crafted ISO images.
+
+CVE-2005-2490
+
+    A buffer overflow in the sendmsg() function allows local users to execute
+    arbitrary code.
+
+CVE-2005-2555
+
+    Herbert Xu discovered that the setsockopt() function was not restricted to
+    users/processes with the CAP_NET_ADMIN capability. This allows attackers to
+    manipulate IPSEC policies or initiate a denial of service attack. 
+
+CVE-2005-2709
+
+    Al Viro discovered a race condition in the /proc handling of network devices.
+    A (local) attacker could exploit the stale reference after interface shutdown
+    to cause a denial of service or possibly execute code in kernel mode.
+
+CVE-2005-2800
+
+    Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices
+    leak memory, which allows a denial of service attack.
+
+CVE-2005-2973
+ 
+    Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code
+    can be forced into an endless loop, which allows a denial of service attack.
+
+CVE-2005-3044
+
+    Vasiliy Averin discovered that the reference counters from sockfd_put() and 
+    fput() can be forced into overlapping, which allows a denial of service attack
+    through a null pointer dereference.
+
+CVE-2005-3053
+
+    Eric Dumazet discovered that the set_mempolicy() system call accepts a negative
+    value for it's first argument, which triggers a BUG() assert. This allows a
+    denial of service attack.
+
+CVE-2005-3180
+
+    Pavel Roskin discovered that the driver for Orinoco wireless cards clears
+    it's buffers insufficiently. This could leak sensitive information into
+    user space.
+
+CVE-2005-3181
+
+    Robert Derr discovered that the audit subsystem uses an incorrect function to
+    free memory, which allows a denial of service attack.
+
+CVE-2005-3257
+
+    Rudolf Polzer discovered that the kernel improperly restricts access to the
+    KDSKBSENT ioctl, which can possibly lead to privilege escalation.
+
+CVE-2005-3358
+
+    Doug Chapman discovered that passing a 0 zero bitmask to the set_mempolicy()
+    system call leads to a kernel panic, which allows a denial of service attack.
+
+CVE-2005-3784
+
+    The auto-reaping functionality included ptraced processes, which allows denial
+    of service through dangling references.
+
+CVE-2005-3806
+
+    Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,
+    which could lead to memory corruption and denial of service.
+
+CVE-2005-3847
+
+    It was discovered that a threaded real-time process, which is currently dumping
+    core can be forced into a dead-lock situation by sending it a SIGKILL signal,
+    which allows a denial of service attack. 
+
+CVE-2005-3848
+
+    Ollie Wild discovered a memory leak in the icmp_push_reply() function, which
+    allows denial of service through memory consumption.
+
+CVE-2005-3857
+
+    Chris Wright discovered that excessive allocation of broken file lock leases
+    in the VFS layer can exhause memory and fill up the system logging, which allows
+    denial of service.
+
+CVE-2005-3858
+
+    Patrick McHardy discovered a memory leak in the ip6_input_finish() function from
+    the IPv6 code, which allows denial of service.
+
+CVE-2005-4605
+
+    foo
+
+CVE-2006-0095
+
+    foo
+
+CVE-2006-0096
+
+    foo
+
+
+
+
+
+
+XXXXXXXXXXXXXXXXXXXXXX
+
+
+The following matrix explains which kernel version for which architecture
+fix the problems mentioned above:
+
+                                 Debian 3.1 (sarge)
+     Source                      2.6.8-16sarge2
+     Alpha architecture          2.6.8-16sarge2
+     AMD64 architecture          2.6.8-16sarge2
+     HP Precision architecture   2.6.8-6sarge2
+     Intel IA-32 architecture    2.6.8-16sarge2
+     Intel IA-64 architecture    2.6.8-14sarge2
+     Motorola 680x0 architecture 2.6.8-4sarge2
+     PowerPC architecture        2.6.8-12sarge2
+     IBM S/390 architecture      2.6.8-5sarge2
+     Sun Sparc architecture      2.6.8-15sarge2
+
+We recommend that you upgrade your kernel package immediately and reboot
+the machine.
+
+Upgrade Instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+
+Debian GNU/Linux 3.0 alias woody
+--------------------------------
+
+Debian GNU/Linux 3.1 alias sarge
+--------------------------------
+
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

More information about the Kernel-svn-changes mailing list