From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1845-1
[email protected] http://www.debian.org/security/ dann frazier
Jun 28, 2009
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service, privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-1895 CVE-2009-2287 CVE-2009-2406 CVE-2009-2407
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1895
Julien Tinnes and Tavis Ormandy reported an issue in the Linux
personality code. Local users can take advantage of a setuid
binary that can either be made to dereference a NULL pointer or
drop privileges and return control to the user. This allows a
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.
CVE-2009-2287
Matt T. Yourst discovered an issue in the kvm subsystem. Local
users with permission to manipulate /dev/kvm can cause a denial
of service (hang) by providing an invalid cr3 value to the
KVM_SET_SREGS call.
CVE-2009-2406
CVE-2009-2407
Ramon de Carvalho Valle discovered two issues with the eCryptfs
layered filesystem using the fsfuzzer utility. A local user with
permissions to perform an eCryptfs mount may modify the contents
of a eCryptfs file, overflowing the stack and potentially gaining
elevated privileges.
For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-17lenny1.
For the oldstable distribution (etch), these problems, where
applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.
We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+17lenny1
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-17lenny1.diff.gz
Size/MD5 checksum: 7379386 e39e1610a5bf0ecf7213c7d0cdf2d2b8
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
Size/MD5 checksum: 61818969 85e039c2588d5bf3cb781d1c9218bbcb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-17lenny1.dsc
Size/MD5 checksum: 5777 af1732ba4824c10f33f9f9d47646b71e
Architecture independent packages:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-17lenny1_all.deb
Size/MD5 checksum: 1796746 513b2bc4b33984b4b8aee8fe5eba0eb6
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-17lenny1_all.deb
Size/MD5 checksum: 121474 6a5b4b1258d5413a289c622f53618048
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-17lenny1_all.deb
Size/MD5 checksum: 49364258 a711fe6f43baac15f31ec8410cca0208
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-17lenny1_all.deb
Size/MD5 checksum: 2306752 c927a4be24692ff4ba314437ad3cb858
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-17lenny1_all.deb
Size/MD5 checksum: 4846320 eed4194a6f0c2622b89d0f4f22bce41f
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-17lenny1_all.deb
Size/MD5 checksum: 105386 b363ddaddee39208f28189904b441135
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 28339784 20ad51628add3cb2c07fb8998e311ceb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 365102 8da1c0d879b2bc4262782c80daf4748e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 29031684 906c285dc4d53632bf4a5e66259183b0
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 104956 840b14d789cc4ba914f967e7c9570951
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 362972 f950f072ef0f7fc0e756c9c29a9108ad
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 28317390 1cb8ed6ae8dcbac77691399363ba94e6
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_alpha.deb
Size/MD5 checksum: 3541642 602567f93cdd4ddebc261d819b26aab7
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)