From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1872-1
[email protected] http://www.debian.org/security/ dann frazier
August 24, 2009
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/privilege escalation/information leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-2698 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848
CVE-2009-2849
Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service, privilege escalation or a leak of
sensitive memory. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2698
Herbert Xu discovered an issue in the way UDP tracks corking
status that could allow local users to cause a denial of service
(system crash). Tavis Ormandy and Julien Tinnes discovered that
this issue could also be used by local users to gain elevated
privileges.
CVE-2009-2846
Michael Buesch noticed a typing issue in the eisa-eeprom driver
for the hppa architecture. Local users could exploit this issue to
gain access to restricted memory.
CVE-2009-2847
Ulrich Drepper noticed an issue in the do_sigaltstack routine on
64-bit systems. This issue allows local users to gain access to
potentially sensitive memory on the kernel stack.
CVE-2009-2848
Eric Dumazet discovered an issue in the execve path, where the
clear_child_tid variable was not being properly cleared. Local
users could exploit this issue to cause a denial of service
(memory corruption).
CVE-2009-2849
Neil Brown discovered an issue in the sysfs interface to md
devices. When md arrays are not active, local users can exploit
this vulnerability to cause a denial of service (oops).
For the oldstable distribution (etch), these problems have been fixed in
version 2.6.18.dfsg.1-24etch4.
We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.
The following matrix lists additional source packages that were rebuilt
for compatibility with, or to take advantage of, this update:
                     Debian 4.0 (etch)
fai-kernels          1.17+etch.24etch4
user-mode-linux      2.6.18-1um-2etch.24etch4
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
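A helper for the manual wget / dpkg -i route above, added here as an example and not part of the Debian advisory or of Debian's own tooling: it parses the advisory's own URL and "Size/MD5 checksum:" line pairs, checks the size and MD5 digest of every listed file already present in a download directory, and exits non-zero on any mismatch so that nothing corrupt or truncated reaches dpkg. It assumes only POSIX sh with wc, awk and md5sum (or BSD md5). The package name and URL inside demo_constructed are constructed for the example and do not exist in the archive.

```shell
#!/bin/sh
# Added example, not part of the Debian advisory: verify downloaded
# packages against the "Size/MD5 checksum: <size> <md5>" lines a DSA
# publishes for every file, before passing them to "dpkg -i".
# Assumes POSIX sh, wc, awk and md5sum (or BSD md5); nothing else.

# Print the hex MD5 digest of a file with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_file FILE SIZE MD5: succeed only if both size and digest match.
# Size is checked first: a truncated download is the common failure and
# is cheaper to detect than hashing the whole file.
verify_file() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    [ "$got_size" -eq "$want_size" ] ||
        { echo "size mismatch: $file has $got_size bytes, advisory says $want_size" >&2; return 1; }
    got_md5=$(md5_of "$file")
    [ "$got_md5" = "$want_md5" ] ||
        { echo "md5 mismatch: $file" >&2; return 1; }
}

# Read advisory text on stdin. Each URL line is followed by its
# "Size/MD5 checksum:" line; emit "basename size md5" per package.
parse_advisory() {
    awk '
        /^http/ { n = split($1, parts, "/"); name = parts[n]; next }
        /Size\/MD5 checksum:/ && name != "" { print name, $(NF-1), $NF; name = "" }
    '
}

# verify_all DIR < advisory.txt: check every listed file present in DIR;
# files not yet downloaded are skipped, any present-but-wrong file fails.
verify_all() {
    dir=$1
    table=$(mktemp)
    parse_advisory > "$table"
    checked=0; failed=0
    while read -r name size md5; do
        [ -f "$dir/$name" ] || continue
        checked=$((checked + 1))
        if verify_file "$dir/$name" "$size" "$md5"; then
            echo "OK   $name"
        else
            echo "FAIL $name"
            failed=$((failed + 1))
        fi
    done < "$table"
    rm -f "$table"
    echo "checked $checked file(s), $failed failure(s)" >&2
    [ "$failed" -eq 0 ]
}

# Constructed self-check: a 6-byte stand-in "package" whose MD5 is known,
# and an advisory excerpt in the DSA format listing it. The package name
# and URL are made up for this example and are not real archive entries.
demo_constructed() {
    work=$(mktemp -d)
    printf 'hello\n' > "$work/example_1.0-1_all.deb"
    printf '%s\n%s\n' \
        'http://security.debian.org/pool/updates/main/e/example/example_1.0-1_all.deb' \
        '  Size/MD5 checksum: 6 b1946ac92492d2347c6235b4d2611184' > "$work/dsa.txt"
    verify_all "$work" < "$work/dsa.txt"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Usage: fetch the listed files into a directory, then
#   verify_all /path/to/downloads < DSA-1872-1.txt && dpkg -i /path/to/downloads/*.deb
if [ "${1:-}" = "demo" ]; then
    demo_constructed
fi
```

Run with "sh verify-dsa.sh demo" for the built-in self-check, or feed it the saved advisory text as shown in the usage comment. The size and MD5 comparison only detects a corrupted or truncated transfer; it does not establish who produced the file, because MD5 collisions are practical and the checksum list is only as trustworthy as the PGP signature on this advisory. Check that signature before relying on the list, or use the sources.list line from the footer and let apt verify the signed Release files instead.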
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch4.diff.gz
Size/MD5 checksum: 5562205 77430d6cfab939a4d1c82fab6ab70af3
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch4.dsc
Size/MD5 checksum: 5672 733c4de16e92e78c23341c948c2b3e37
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4.tar.gz
Size/MD5 checksum: 59372 8f60164e762c338a2d2079eda83c9b68
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4.dsc
Size/MD5 checksum: 740 710f999fbfec7dbbee77d348a1dd244e
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4.diff.gz
Size/MD5 checksum: 21030 6d4d20763b630aa689b0b138ded756b2
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4.dsc
Size/MD5 checksum: 892 e4bec3b34d424dea506a3a6ed4f815e4
Architecture independent packages:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
Size/MD5 checksum: 1106754 784c53a2a3feae6160564b0f0e7dc007
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
Size/MD5 checksum: 42135958 ef71049a4dc7c64a8ca3192ad9449519
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
Size/MD5 checksum: 3756268 c5e762c82dd9167192ebe7665b00d1d7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
Size/MD5 checksum: 3755558 4e26460f729469e3bf131cb1a1dbeab8
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
Size/MD5 checksum: 58560 743409764b9885dcb83c68dac363164d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
Size/MD5 checksum: 1837790 c9ae535585a5459ea473c2497d1c0ce4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch4_alpha.deb
[continued in next message]