From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1844-1
[email protected] http://www.debian.org/security/ Dann Frazier
July 28, 2009
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : denial of service/privilege escalation
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633
CVE-2009-1895 CVE-2009-1914 CVE-2009-1961 CVE-2009-2406
CVE-2009-2407
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1385
Neil Horman discovered a missing fix from the e1000 network driver.
A remote user may cause a denial of service by way of a kernel panic
triggered by specially crafted frame sizes.
CVE-2009-1389
Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.
CVE-2009-1630
Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.
CVE-2009-1633
Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.
CVE-2009-1895
Julien Tinnes and Tavis Ormandy reported and issue in the Linux
vulnerability code. Local users can take advantage of a setuid
binary that can either be made to dereference a NULL pointer or
drop privileges and return control to the user. This allows a
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.
CVE-2009-1914
Mikulas Patocka discovered an issue in sparc64 kernels that allows
local users to cause a denial of service (crash) by reading the
/proc/iomem file.
CVE-2009-1961
Miklos Szeredi reported an issue in the ocfs2 filesystem. Local
users can create a denial of service (filesystem deadlock) using
a particular sequence of splice system calls.
CVE-2009-2406
CVE-2009-2407
Ramon de Carvalho Valle discovered two issues with the eCryptfs
layered filesystem using the fsfuzzer utility. A local user with
permissions to perform an eCryptfs mount may modify the contents
of a eCryptfs file, overflowing the stack and potentially gaining
elevated privileges.
For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.8etch2.
We recommend that you upgrade your linux-2.6.24 packages.
Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases. All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch2.diff.gz
Size/MD5 checksum: 4046697 0c540aa51d64fd0f41fefda0370a7d57
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch2.dsc
Size/MD5 checksum: 5117 8149bb152305e615760fd5accc516b17
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af
Architecture independent packages:
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
Size/MD5 checksum: 931690 8230f79880ab579b104e9b34029cc97d
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
Size/MD5 checksum: 1572166 59bdbfc8850a9eb4c7f09229f8481a04
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
Size/MD5 checksum: 46892520 c736086affec0e829b80074008edc96d
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch2_all.deb
Size/MD5 checksum: 97696 ac7c8e4af4d15f8e77817f3a2060621e
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
Size/MD5 checksum: 4469630 76391a2afe93b14ef942260a2ab0f6c4
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
Size/MD5 checksum: 82766 fccf13a8baefeb96443c00718b47178a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch2_alpha.deb
Size/MD5 checksum: 26737560 705e6c1f456e523e4cd6e2199247ad8a
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch2_alpha.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)