From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1929-1 [email protected] http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service/sensitive memory leak Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-1883 CVE-2009-2909 CVE-2009-3001 CVE-2009-3002
CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547
CVE-2009-3612 CVE-2009-3621

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-1883

Solar Designer discovered a missing capability check in the
z90crypt driver or s390 systems. This vulnerability may allow
a local user to gain elevated privileges.

CVE-2009-2909

Arjan van de Ven discovered an issue in the AX.25 protocol
implementation. A specially crafted call to setsockopt() can
result in a denial of service (kernel oops).

CVE-2009-3001

Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE
802.2 LLC implementation. This is not exploitable in the Debian
lenny kernel as root privileges are required to exploit this
issue.

CVE-2009-3002

Eric Dumazet fixed several sensitive memory leaks in the IrDA,
X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area
Network (CAN) implementations. Local users can exploit these
issues to gain access to kernel memory.

CVE-2009-3228

Eric Dumazet reported an instance of uninitialized kernel memory
in the network packet scheduler. Local users may be able to
exploit this issue to read the contents of sensitive kernel
memory.

CVE-2009-3238

Linus Torvalds provided a change to the get_random_int() function
to increase its randomness.

CVE-2009-3286

Eric Paris discovered an issue with the NFSv4 server
implementation. When an O_EXCL create fails, files may be left
with corrupted permissions, possibly granting unintentional
privileges to other local users.

CVE-2009-3547

Earl Chew discovered a NULL pointer dereference issue in the
pipe_rdwr_open function which can be used by local users to gain
elevated privileges.

CVE-2009-3612

Jiri Pirko discovered a typo in the initialization of a structure
in the netlink subsystem that may allow local users to gain access
to sensitive kernel memory.

CVE-2009-3621

Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
socket implementation. Local users can exploit this vulnerability
to cause a denial of service (system hang).

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-26etch1.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases. All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

The following matrix lists additional source packages that were rebuilt for compatability with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels 1.17+etch.26etch1
user-mode-linux 2.6.18-1um-2etch.26etch1

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, hppa, i386,
ia64, powerpc and s390 architectures. Updates for other
architectures will be released as the they become available.

Source archives:

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch1.diff.gz
Size/MD5 checksum: 5514957 b9cb3b1e1ba1196b9020e6d07d48b752
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch1.dsc
Size/MD5 checksum: 5673 4ba2595893287a7b82713ca182aad7be
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060

Architecture independent packages:

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-26etch1_all.deb
Size/MD5 checksum: 3721660 836e780dd306ee60318d8ac1c28087eb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
Size/MD5 checksum: 41474520 7457b0e444adb6b31dbcda82768671cd
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
Size/MD5 checksum: 1852976 ec11d9e2967a87b27fac807f80218d0e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
Size/MD5 checksum: 58896 e7dc19b1c3f0a22c1764420642117fa8
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-26etch1_all.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)