From:
[email protected]
----------------------------------------------------------------------
Debian Security Advisory DSA-2126-1
[email protected] http://www.debian.org/security/ dann frazier
November 26, 2010
http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859
CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876
CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2963
Kees Cook discovered an issue in the v4l 32-bit compatibility layer for
64-bit systems that allows local users with /dev/video write permission to
overwrite arbitrary kernel memory, potentially leading to a privilege
escalation. On Debian systems, access to /dev/video devices is restricted to
members of the 'video' group by default.
CVE-2010-3067
Tavis Ormandy discovered an issue in the io_submit system call. Local users
can cause an integer overflow resulting in a denial of service.
CVE-2010-3296
Dan Rosenberg discovered an issue in the cxgb network driver that allows
unprivileged users to obtain the contents of sensitive kernel memory.
CVE-2010-3297
Dan Rosenberg discovered an issue in the eql network driver that allows
local users to obtain the contents of sensitive kernel memory.
CVE-2010-3310
Dan Rosenberg discovered an issue in the ROSE socket implementation. On
systems with a rose device, local users can cause a denial of service
(kernel memory corruption).
CVE-2010-3432
Thomas Dreibholz discovered an issue in the SCTP protocol that permits a
remote user to cause a denial of service (kernel panic).
CVE-2010-3437
Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
permission to open /dev/pktcdvd/control can obtain the contents of sensitive
kernel memory or cause a denial of service. By default on Debian systems,
this access is restricted to members of the group 'cdrom'.
CVE-2010-3442
Dan Rosenberg discovered an issue in the ALSA sound system. Local users with
permission to open /dev/snd/controlC0 can create an integer overflow
condition that causes a denial of service. By default on Debian systems,
this access is restricted to members of the group 'audio'.
CVE-2010-3448
Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
Thinkpad systems, local users can cause a denial of service (X.org crash) by
reading /proc/acpi/ibm/video.
CVE-2010-3477
Jeff Mahoney discovered an issue in the Traffic Policing (act_police) module
that allows local users to obtain the contents of sensitive kernel memory.
CVE-2010-3705
Dan Rosenberg reported an issue in the HMAC processing code in the SCTP
protocol that allows remote users to create a denial of service (memory
corruption).
CVE-2010-3848
Nelson Elhage discovered an issue in the Econet protocol. Local users can
cause a stack overflow condition with large msg->msgiovlen values that can
result in a denial of service or privilege escalation.
CVE-2010-3849
Nelson Elhage discovered an issue in the Econet protocol. Local users can
cause a denial of service (oops) if a NULL remote addr value is passed as a
parameter to sendmsg().
CVE-2010-3850
Nelson Elhage discovered an issue in the Econet protocol. Local users can
assign econet addresses to arbitrary interfaces due to a missing
capabilities check.
CVE-2010-3858
Brad Spengler reported an issue in the setup_arg_pages() function. Due to a
bounds-checking failure, local users can create a denial of service (kernel
oops).
CVE-2010-3859
Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module
is loaded, local users can gain elevated privileges via the sendmsg() system
call.
CVE-2010-3873
Dan Rosenberg reported an issue in the X.25 network protocol. Local users
can cause heap corruption, resulting in a denial of service (kernel panic).
CVE-2010-3874
Dan Rosenberg discovered an issue in the Control Area Network (CAN)
subsystem on 64-bit systems. Local users may be able to cause a denial of
service (heap corruption).
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users can
obtain the contents of sensitive kernel memory.
CVE-2010-3876
Vasiliy Kulikov discovered an issue in the Packet protocol. Local users can
obtain the contents of sensitive kernel memory.
CVE-2010-3877
Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users can
obtain the contents of sensitive kernel memory.
CVE-2010-3880
Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users
can cause the kernel to execute unaudited INET_DIAG bytecode, resulting in a
denial of service.
CVE-2010-4072
Kees Cook discovered an issue in the System V shared memory subsystem.
Local users can obtain the contents of sensitive kernel memory.
CVE-2010-4073
Dan Rosenberg discovered an issue in the System V shared memory subsystem.
Local users on 64-bit systems can obtain the contents of sensitive kernel
memory via the 32-bit compatible semctl() system call.
CVE-2010-4074
Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB
[continued in next message]
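
Several entries above are reachable only when a particular protocol module is loaded, or rely on the default group restriction on a device node. The following exposure check is an added example, not part of the advisory; it assumes the kernel module names match the protocol and driver names used in the text, and that GNU stat is available.

```shell
#!/bin/sh
# Added example: list which modules named in DSA-2126-1 are loaded.
# Assumption: module names equal the protocol/driver names in the advisory.
MODULE_CVES='rose CVE-2010-3310
sctp CVE-2010-3432,CVE-2010-3705
econet CVE-2010-3848,CVE-2010-3849,CVE-2010-3850
tipc CVE-2010-3859,CVE-2010-3877
x25 CVE-2010-3873
can CVE-2010-3874
ax25 CVE-2010-3875
pktcdvd CVE-2010-3437
eql CVE-2010-3297'

# loaded_exposure FILE: print "module CVE-list" for every listed module
# that appears in FILE (same format as /proc/modules).
loaded_exposure() {
    while read -r mod cves; do
        if awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$1"; then
            printf '%s %s\n' "$mod" "$cves"
        fi
    done <<EOF
$MODULE_CVES
EOF
}

# world_accessible PATH: succeed if "other" has read or write permission,
# i.e. the group restriction the advisory relies on is not in effect.
world_accessible() {
    mode=$(stat -c '%a' "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ $(( $other & 6 )) -ne 0 ]
}

# audit: run both checks against the live system.
audit() {
    loaded_exposure "${1:-/proc/modules}"
    for dev in /dev/video* /dev/pktcdvd/control /dev/snd/controlC0; do
        [ -e "$dev" ] || continue
        if world_accessible "$dev"; then echo "WORLD-ACCESSIBLE $dev"; fi
    done
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

The check reads only mode bits, so access granted through ACLs or extra group memberships still needs a manual review.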