From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1865-1
[email protected] http://www.debian.org/security/ dann frazier
Aug 16, 2009
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/privilege escalation
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-2692
Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1385
Neil Horman discovered a missing fix from the e1000 network
driver. A remote user may cause a denial of service by way of a
kernel panic triggered by specially crafted frame sizes.
CVE-2009-1389
Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.
CVE-2009-1630
Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.
CVE-2009-1633
Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.
CVE-2009-2692
Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-24etch3.
We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
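The manual path above (wget, then dpkg -i) relies on the reader checking each downloaded file against the "Size/MD5 checksum" line printed under its URL further down in this advisory. The following is an added example, not Debian's own tooling: it parses that two-line listing layout into a manifest and checks a downloaded file's size and MD5 before it would be handed to dpkg. The advisory excerpt embedded below copies one real entry from this message; the sample file contents used for the checks are constructed. Note that the MD5 here only detects a truncated or mismatched download; authenticity rests on the PGP signature over the advisory itself and on the archive signatures apt verifies, not on MD5.

```python
import hashlib
import os
import re
import tempfile

# Constructed excerpt in the advisory's "URL / Size/MD5 checksum" layout.
# The URL and digest are copied from the .dsc entry in this advisory.
ADVISORY_EXCERPT = """\
Source archives:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch3.dsc
Size/MD5 checksum: 5672 29c50f41751371587d0b9419b16d4062
"""

CHECKSUM_RE = re.compile(r"^Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")


def parse_manifest(text):
    """Return {filename: (size, md5)} from advisory checksum lines.

    In the advisory layout each checksum line describes the URL printed on
    the line immediately before it, so the parser carries one pending URL.
    """
    manifest = {}
    prev_url = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CHECKSUM_RE.match(line)
        if m and prev_url:
            manifest[os.path.basename(prev_url)] = (int(m.group(1)), m.group(2))
            prev_url = None
        elif line.startswith(("http://", "https://")):
            prev_url = line
        else:
            prev_url = None  # any other line breaks the URL/checksum pairing
    return manifest


def verify_file(path, expected_size, expected_md5):
    """True only if both the size and the MD5 match the advisory's values."""
    if os.path.getsize(path) != expected_size:
        return False
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == expected_md5


def check_download(data, expected_size, expected_md5):
    """Write constructed bytes to a temp file and verify them as a download."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        path = tmp.name
    try:
        return verify_file(path, expected_size, expected_md5)
    finally:
        os.unlink(path)


# MD5 of the empty file; a constructed stand-in for a "known good" entry.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"


def demo():
    """Exercise the parser and the three verification outcomes."""
    manifest = parse_manifest(ADVISORY_EXCERPT)
    return {
        "parsed": manifest,
        "ok": check_download(b"", 0, EMPTY_MD5),                 # matches
        "size_mismatch": check_download(b"hello\n", 0, EMPTY_MD5),  # too long
        "digest_mismatch": check_download(b"hello\n", 6, "0" * 32),  # wrong md5
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Run it against a real download by replacing the constructed bytes with the fetched .deb and the expected values with the entry parse_manifest returns for that filename; only proceed to dpkg -i when verify_file returns True.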
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch3
user-mode-linux 2.6.18-1um-2etch.24etch3
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
Updates for arm and mips will be released as they become available.
Source archives:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch3.diff.gz
Size/MD5 checksum: 5502587 1f75cb7f5ffbc73b1e2b0b4a97a4818a
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch3.dsc
Size/MD5 checksum: 5672 29c50f41751371587d0b9419b16d4062
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch3.dsc
Size/MD5 checksum: 892 cfc19bff4c8dfbbf1409ea4580c9e65c
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch3.diff.gz
Size/MD5 checksum: 20832 aae14eef6d9bfa7c75286e2a13d52e86
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3.tar.gz
Size/MD5 checksum: 59187 32a278830ac1d6ff997fdb78449be295
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3.dsc
Size/MD5 checksum: 740 43f7e80adde3c68ab2867570d5c3538b
Architecture independent packages:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
Size/MD5 checksum: 1829152 ec210817add89e6211386cf06fc8ce3c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
Size/MD5 checksum: 58312 e26180474575467e5a6926df20cf7533
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
Size/MD5 checksum: 3592910 95a3a2f912a0c53f592301fb52e30000
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch3_all.deb
Size/MD5 checksum: 3720284 804ba5739eeb2a45621e409dd061ea6c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
Size/MD5 checksum: 1088746 a5bb602c0c70890e882d17921dc3c2ab
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
Size/MD5 checksum: 41472246 0feb6c24869684b69f60818b9a85ff5c
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch3_alpha.deb
[continued in next message]