From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1630-1                   [email protected]
http://www.debian.org/security/                           dann frazier
Aug 21, 2008                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/information leak
Problem type : several
Debian-specific: no
CVE Id(s) : CVE-2007-6282 CVE-2008-0598 CVE-2008-2729 CVE-2008-2812
CVE-2008-2826 CVE-2008-2931 CVE-2008-3272 CVE-2008-3275
Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or arbitrary code execution. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2007-6282
Dirk Nehring discovered a vulnerability in the IPsec code that allows
remote users to cause a denial of service by sending a specially crafted
ESP packet.
CVE-2008-0598
Tavis Ormandy discovered a vulnerability that allows local users to access
uninitialized kernel memory, possibly leaking sensitive data. This issue
is specific to the amd64-flavour kernel images.
CVE-2008-2729
Andi Kleen discovered an issue where uninitialized kernel memory
was being leaked to userspace during an exception. This issue may allow
local users to gain access to sensitive data. Only the amd64-flavour
Debian kernel images are affected.
CVE-2008-2812
Alan Cox discovered an issue in multiple tty drivers that allows
local users to trigger a denial of service (NULL pointer dereference)
and possibly obtain elevated privileges.
CVE-2008-2826
Gabriel Campana discovered an integer overflow in the sctp code that
can be exploited by local users to cause a denial of service.
CVE-2008-2931
Miklos Szeredi reported a missing privilege check in the do_change_type()
function. This allows local, unprivileged users to change the properties
of mount points.
CVE-2008-3272
Tobias Klein reported a locally exploitable data leak in the
snd_seq_oss_synth_make_info() function. This may allow local users
to gain access to sensitive information.
CVE-2008-3275
Zoltan Sogor discovered a coding error in the VFS that allows local users
to exploit a kernel memory leak resulting in a denial of service.
For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-22etch2.
We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch.22etch2
     user-mode-linux             2.6.18-1um-2etch.22etch2
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]