diff options
author | Joey Hess <joeyh@debian.org> | 2005-09-15 16:04:59 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-09-15 16:04:59 +0000 |
commit | ca6e7cc3358eb027dc4a16db2f6dc2b234c0972f (patch) | |
tree | 76178d59e0d4c58e9eadb68c54ce629225db8a1d /data/DTSA/advs | |
parent | 43deb421c75a34d607c84ab397e96e9bb00081a5 (diff) |
Put together an advisory for the linux-2.6 packages. This is not a normal
DTSA since the fix reached testing on its own steam; it seemed worth making
an announcement since users need to take special actions to install the new
linux-2.6 packages and upgrade.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2006 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/16-linux-2.6.adv | 120 | ||||
-rw-r--r-- | data/DTSA/advs/nn-kernel-source-2.6.8.adv | 21 |
2 files changed, 120 insertions, 21 deletions
diff --git a/data/DTSA/advs/16-linux-2.6.adv b/data/DTSA/advs/16-linux-2.6.adv new file mode 100644 index 0000000000..1305adbda1 --- /dev/null +++ b/data/DTSA/advs/16-linux-2.6.adv @@ -0,0 +1,120 @@ +source: linux-2.6 +date: September 15, 2005 +author: Joey Hess +vuln-type: several holes +problem-scope: remote +debian-specifc: no +cve: CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555 +testing-fix: 2.6.12-6 +sid-fix: 2.6.12-6 +upgrade: apt-get install linux-image-2.6-386; reboot + +Several security related problems have been found in version 2.6 of the +linux kernel. The Common Vulnerabilities and Exposures project identifies +the following problems: + +CAN-2004-2302 + + Race condition in the sysfs_read_file and sysfs_write_file functions in + Linux kernel before 2.6.10 allows local users to read kernel memory and + cause a denial of service (crash) via large offsets in sysfs files. + +CAN-2005-1761 + + Vulnerability in the Linux kernel allows local users to cause a + denial of service (kernel crash) via ptrace. + +CAN-2005-1762 + + The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 + platform allows local users to cause a denial of service (kernel crash) via + a "non-canonical" address. + +CAN-2005-1765 + + syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when + running in 32-bit compatibility mode, allows local users to cause a denial + of service (kernel hang) via crafted arguments. + +CAN-2005-1913 + + When a non group-leader thread called exec() to execute a different program + while an itimer was pending, the timer expiry would signal the old group + leader task, which did not exist any more. This caused a kernel panic. + +CAN-2005-2098 + + The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before + 2.6.12.5 contains an error path that does not properly release the session + management semaphore, which allows local users or remote attackers to cause + a denial of service (semaphore hang) via a new session keyring (1) with an + empty name string, (2) with a long name string, (3) with the key quota + reached, or (4) ENOMEM. + +CAN-2005-2099 + + The Linux kernel before 2.6.12.5 does not properly destroy a keyring that + is not instantiated properly, which allows local users or remote attackers + to cause a denial of service (kernel oops) via a keyring with a payload + that is not empty, which causes the creation to fail, leading to a null + dereference in the keyring destructor. + +CAN-2005-2456 + + Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c + in Linux kernel 2.6 allows local users to cause a denial of service (oops + or deadlock) and possibly execute arbitrary code via a p->dir value that is + larger than XFRM_POLICY_OUT, which is used as an index in the + sock->sk_policy array. + +CAN-2005-2457 + + The driver for compressed ISO file systems (zisofs) in the Linux kernel + before 2.6.12.5 allows local users and remote attackers to cause a denial + of service (kernel crash) via a crafted compressed ISO file system. + +CAN-2005-2458 + + inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows + remote attackers to cause a denial of service (kernel crash) via a + compressed file with "improper tables". + +CAN-2005-2459 + + The huft_build function in inflate.c in the zlib routines in the Linux + kernel before 2.6.12.5 returns the wrong value, which allows remote + attackers to cause a denial of service (kernel crash) via a certain + compressed file that leads to a null pointer dereference, a different + vulnerbility than CAN-2005-2458. + +CAN-2005-2548 + + vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial + of service (kernel oops from null dereference) via certain UDP packets that + lead to a function call with the wrong argument, as demonstrated using + snmpwalk on snmpd. + +CAN-2005-2555 + + Linux kernel 2.6.x does not properly restrict socket policy access to users + with the CAP_NET_ADMIN capability, which could allow local users to conduct + unauthorized activities via (1) ipv4/ip_sockglue.c and (2) + ipv6/ipv6_sockglue.c. + +CAN-2005-2617 + + The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 + and later, on the amd64 architecture, does not check the return value of + the insert_vm_struct function, which allows local users to trigger a memory + leak via a 32-bit application with crafted ELF headers. + +In addition this update fixes some security issues that have not been +assigned CVE ids: + + - Fix DST leak in icmp_push_reply(). Possible remote DoS? + + - NPTL signal delivery deadlock fix; possible local DoS. + + - fix a memory leak in devices seq_file implementation; local DoS. + + - Fix SKB leak in ip6_input_finish(); local DoS. diff --git a/data/DTSA/advs/nn-kernel-source-2.6.8.adv b/data/DTSA/advs/nn-kernel-source-2.6.8.adv deleted file mode 100644 index 29f907e13f..0000000000 --- a/data/DTSA/advs/nn-kernel-source-2.6.8.adv +++ /dev/null @@ -1,21 +0,0 @@ -source: kernel-source-2.6.8 -date: September 10, 2005 -author: Micah Anderson -vuln-type: various -problem-scope: remote -debian-specifc: no -cve: CAN-2005-1763, CAN-2005-1762, CAN-2005-0756, CAN-2005-1265, CAN-2005-0757, -CAN-2005-1765, CAN-2005-1761, CAN-2005-2456, CAN-2005-2548, CAN-2004-2302, -CAN-2005-1767, CAN-2005-2458, CAN-2005-2459 -vendor-advisory: -testing-fix: linux-2.6 -sid-fix: linux-2.6 -upgrade: apt-get install xxx - -xxx multiline description here - -TODO: - upgrade instructions - descriptions - what about security fixes that don't have CANs? - |