From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-2012-1
[email protected] http://www.debian.org/security/ dann frazier
March 11, 2010
http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-3725 CVE-2010-0622
Debian Bug(s) : 568561 570554

Two vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3725

    Philipp Reisner reported an issue in the connector subsystem
    which allows unprivileged users to send netlink packets. This
    allows local users to manipulate settings for uvesafb devices
    which are normally reserved for privileged users.

CVE-2010-0622

    Jerome Marchand reported an issue in the futex subsystem that
    allows a local user to force an invalid futex state which results
    in a denial of service (oops).

This update also includes fixes for regressions introduced by previous
updates. See the referenced Debian bug pages for details.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-21lenny4.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

                        Debian 5.0 (lenny)
    user-mode-linux     2.6.26-1um-2+21lenny4
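
Added example (not part of the advisory): a Python check that flags packages still below the fixed versions given above. It uses Debian's version ordering, so that 21lenny10 is not mistaken for something older than 21lenny4. The inventory line format, the function names and the sample data are assumptions made for this illustration.

```python
import re
from itertools import zip_longest

# Fixed versions stated in the advisory, keyed by source package.
FIXED = {"linux-2.6": "2.6.26-21lenny4", "user-mode-linux": "2.6.26-1um-2+21lenny4"}

def _order(c):
    # dpkg ordering: '~' < end of run (None) < letters < other symbols.
    if c in (None, "~"):
        return 0 if c is None else -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit and digit runs, as dpkg does.
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    """Return -1, 0 or 1: Debian version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """inventory: lines of 'binary source version' (assumed format)."""
    rows = (line.split() for line in inventory.strip().splitlines())
    return [b for b, src, ver in rows
            if src in FIXED and deb_cmp(ver, FIXED[src]) < 0]

# Constructed sample inventory, not taken from the advisory.
SAMPLE = """
linux-image-2.6.26-2-amd64 linux-2.6 2.6.26-21lenny3
linux-libc-dev linux-2.6 2.6.26-21lenny4
linux-image-2.6.26-2-686 linux-2.6 2.6.26-21lenny10
user-mode-linux user-mode-linux 2.6.26-1um-2+21lenny3
"""
```

An installed package at the fixed version does not by itself mean the fixed kernel is running; the machine must be rebooted into the upgraded kernel.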

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]