From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-2110-1 [email protected]
http://www.debian.org/security/ dann frazier
September 17, 2010 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080
CVE-2010-3081
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2492
Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
overflow condition may allow local users to cause a denial of service
or gain elevated privileges.
CVE-2010-2954
Tavis Ormandy reported an issue in the irda subsystem which may allow
local users to cause a denial of service via a NULL pointer dereference.
CVE-2010-3078
Dan Rosenberg discovered an issue in the XFS file system that allows
local users to read potentially sensitive kernel memory.
CVE-2010-3080
Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
(by default on Debian, this is members of the 'audio' group) can
cause a denial of service via a NULL pointer dereference.
CVE-2010-3081
Ben Hawkes discovered an issue in the 32-bit compatibility code
for 64-bit systems. Local users can gain elevated privileges due
to insufficient checks in compat_alloc_user_space allocations.
For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-25lenny1.
We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.
The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:
Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+25lenny1
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel, powerpc, and sparc. Updates for other architectures will be released as they become available.