[kernel] r6583 - patch-tracking/dsa-texts

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed May 17 04:51:31 UTC 2006 

Author: jmm-guest
Date: Wed May 17 04:51:30 2006
New Revision: 6583

Added:
   patch-tracking/dsa-texts/2.6.8-sarge3

Log:
new draft for sarge3 DSA


Added: patch-tracking/dsa-texts/2.6.8-sarge3
==============================================================================
--- (empty file)
+++ patch-tracking/dsa-texts/2.6.8-sarge3	Wed May 17 04:51:30 2006
@@ -0,0 +1,92 @@
+Subject: New Linux kernel 2.6.8 packages fix several issues
+
+--------------------------------------------------------------------------
+Debian Security Advisory DSA XXX-1                     security at debian.org
+http://www.debian.org/security/                               Dann Frazier
+XXXXX 8th, 2005                         http://www.debian.org/security/faq
+--------------------------------------------------------------------------
+
+Package        : kernel-source-2.6.8
+Vulnerability  : several
+Problem-Type   : local/remote
+Debian-specific: no
+CVE ID         : CVE-2005-3359 CVE-2006-0038
+Debian Bug     : 
+
+Several local and remote vulnerabilities have been discovered in the Linux
+kernel that may lead to a denial of service or the execution of arbitrary
+code. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2005-3359
+
+    Franz Filz discovered that some socket calls permit causing inconsistent
+    reference counts on loadable modules, which allows local users to cause
+    a denial of service.
+    
+CVE-2006-0038
+
+    foo
+
+CVE-2006-1864
+
+    Mark Mosely discovered that chroots residing on an SMB share can be
+    escaped with specially crafted "cd" sequences.
+
+CVE-2006-1864
+
+    Mark Mosely discovered that chroots residing on an CIFS share can be
+    escaped with specially crafted "cd" sequences.
+
+
+The following matrix explains which kernel version for which architecture
+fix the problems mentioned above:
+
+                                 Debian 3.1 (sarge)
+     Source                      2.6.8-16sarge3
+     Alpha architecture          2.6.8-16sarge3
+     AMD64 architecture          2.6.8-16sarge3
+     HP Precision architecture   2.6.8-6sarge3
+     Intel IA-32 architecture    2.6.8-16sarge3
+     Intel IA-64 architecture    2.6.8-14sarge3
+     Motorola 680x0 architecture 2.6.8-4sarge3
+     PowerPC architecture        2.6.8-12sarge3
+     IBM S/390 architecture      2.6.8-5sarge3
+     Sun Sparc architecture      2.6.8-15sarge3
+
+We recommend that you upgrade your kernel package immediately and reboot
+the machine. If you have built a custom kernel from the kernel source
+package, you will need to rebuild to take advantage of these fixes.
+
+Upgrade Instructions
+--------------------
+
+wget url
+        will fetch the file for you
+dpkg -i file.deb
+        will install the referenced file.
+
+If you are using the apt-get package manager, use the line for
+sources.list as given below:
+
+apt-get update
+        will update the internal database
+apt-get upgrade
+        will install corrected packages
+
+You may use an automated update by adding the resources from the
+footer to the proper configuration.
+
+
+Debian GNU/Linux 3.1 alias sarge
+--------------------------------
+
+
+  These files will probably be moved into the stable distribution on
+  its next update.
+
+---------------------------------------------------------------------------------
+For apt-get: deb http://security.debian.org/ stable/updates main
+For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
+Mailing list: debian-security-announce at lists.debian.org
+Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

More information about the Kernel-svn-changes mailing list