From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1636-1
[email protected] http://www.debian.org/security/ dann frazier
Sep 11, 2008
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526
CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915
Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-3272
Tobias Klein reported a locally exploitable data leak in the
snd_seq_oss_synth_make_info() function. This may allow local users
to gain access to sensitive information.
CVE-2008-3275
Zoltan Sogor discovered a coding error in the VFS that allows local users
to exploit a kernel memory leak resulting in a denial of service.
CVE-2008-3276
Eugene Teo reported an integer overflow in the DCCP subsystem that
may allow remote attackers to cause a denial of service in the form
of a kernel panic.
CVE-2008-3526
Eugene Teo reported a missing bounds check in the SCTP subsystem.
By exploiting an integer overflow in the SCTP_AUTH_KEY handling code,
remote attackers may be able to cause a denial of service in the form
of a kernel panic.
CVE-2008-3534
Kel Modderman reported an issue in the tmpfs filesystem that allows
local users to crash a system by triggering a kernel BUG() assertion.
CVE-2008-3535
Alexey Dobriyan discovered an off-by-one error in the iov_iter_advance
function which can be exploited by local users to crash a system,
resulting in a denial of service.
CVE-2008-3792
Vlad Yasevich reported several NULL pointer reference conditions in
the SCTP subsystem that can be triggered by entering sctp-auth codepaths
when the AUTH feature is inactive. This may allow attackers to cause
a denial of service condition via a system panic.
CVE-2008-3915
Johann Dahm and David Richter reported an issue in the nfsd subsystem
that may allow remote attackers to cause a denial of service via a
buffer overflow.
For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.5.
We recommend that you upgrade your linux-2.6.24 packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.