From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1787-1
[email protected] http://www.debian.org/security/ Dann Frazier
May 2, 2009
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : denial of service/privilege escalation/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700
CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029
CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322
CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834
CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242
CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-4307
Bryn M. Reeves reported a denial of service in the NFS filesystem.
Local users can trigger a kernel BUG() due to a race condition in
the do_setlk function.
CVE-2008-5079
Hugo Dias reported a DoS condition in the ATM subsystem that can
be triggered by a local user by calling the svc_listen function
twice on the same socket and reading /proc/net/atm/*vc.
CVE-2008-5395
Helge Deller discovered a denial of service condition that allows
local users on PA-RISC systems to crash a system by attempting to
unwind a stack containing userspace addresses.
CVE-2008-5700
Alan Cox discovered a lack of minimum timeouts on SG_IO requests,
which allows local users of systems using ATA to cause a denial of
service by forcing drives into PIO mode.
CVE-2008-5701
Vlad Malov reported an issue on 64-bit MIPS systems where a local
user could cause a system crash by crafting a malicious binary
which makes o32 syscalls with a number less than 4000.
CVE-2008-5702
Zvonimir Rakamaric reported an off-by-one error in the ib700wdt
watchdog driver which allows local users to cause a buffer
underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl
call.
CVE-2009-0028
Chris Evans discovered a situation in which a child process can
send an arbitrary signal to its parent.
CVE-2009-0029
Christian Borntraeger discovered an issue affecting the alpha,
mips, powerpc, s390 and sparc64 architectures that allows local
users to cause a denial of service or potentially gain elevated
privileges.
CVE-2009-0031
Vegard Nossum discovered a memory leak in the keyctl subsystem
that allows local users to cause a denial of service by consuming
all of kernel memory.
CVE-2009-0065
Wei Yongjun discovered a memory overflow in the SCTP
implementation that can be triggered by remote users, permitting
remote code execution.
CVE-2009-0269
Duane Griffin provided a fix for an issue in the eCryptfs
subsystem which allows local users to cause a denial of service
(fault or memory corruption).
CVE-2009-0322
Pavel Roskin provided a fix for an issue in the dell_rbu driver
that allows a local user to cause a denial of service (oops) by
reading 0 bytes from a sysfs entry.
CVE-2009-0675
Roel Kluin discovered inverted logic in the skfddi driver that
permits local, unprivileged users to reset the driver statistics.
CVE-2009-0676
Clement LECIGNE discovered a bug in the sock_getsockopt function
that may result in leaking sensitive kernel memory.
CVE-2009-0745
Peter Kerwien discovered an issue in the ext4 filesystem that
allows local users to cause a denial of service (kernel oops)
during a resize operation.
CVE-2009-0834
Roland McGrath discovered an issue on amd64 kernels that allows
local users to circumvent system call audit configurations which
filter based on the syscall numbers or argument details.
CVE-2009-0859
Jiri Olsa discovered that a local user can cause a denial of
service (system hang) using a SHM_INFO shmctl call on kernels
compiled with CONFIG_SHMEM disabled. This issue does not affect
prebuilt Debian kernels.
CVE-2009-1046
Mikulas Patocka reported an issue in the console subsystem that
allows a local user to cause memory corruption by selecting a
small number of 3-byte UTF-8 characters.
CVE-2009-1192
Shaohua Li reported an issue in the AGP subsystem that may allow
local users to read sensitive kernel memory due to a leak of
uninitialized memory.
CVE-2009-1242
Benjamin Gilbert reported a local denial of service vulnerability
in the KVM VMX implementation that allows local users to trigger
an oops.
CVE-2009-1265
Thomas Pollet reported an overflow in the af_rose implementation
that allows remote attackers to retrieve uninitialized kernel
memory that may contain sensitive data.
CVE-2009-1337
Oleg Nesterov discovered an issue in the exit_notify function that
allows local users to send an arbitrary signal to a process by
running a program that modifies the exit_signal field and then
uses an exec system call to launch a setuid application.
CVE-2009-1338
Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to
reach processes outside of the current process namespace.
CVE-2009-1439
Pavan Naregundi reported an issue in the CIFS filesystem code that
allows remote users to overwrite memory via a long
nativeFileSystem field in a Tree Connect response during mount.
For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.8etch1.
We recommend that you upgrade your linux-2.6.24 packages.
Note: Debian 'etch' includes linux kernel packages based upon both the
[continued in next message]