From ca6e7cc3358eb027dc4a16db2f6dc2b234c0972f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 15 Sep 2005 16:04:59 +0000 Subject: Put together an advisory for the linux-2.6 packages. This is not a normal DTSA since the fix reached testing on its own steam; it seemed worth making an announcement since users need to take special actions to install the new linux-2.6 packages and upgrade. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2006 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-16-1.html | 320 ++++++++++++++++++++++++++++++++++++++++++++ website/list.html | 2 + 2 files changed, 322 insertions(+) create mode 100644 website/DTSA/DTSA-16-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-16-1.html b/website/DTSA/DTSA-16-1.html new file mode 100644 index 0000000000..103420c21b --- /dev/null +++ b/website/DTSA/DTSA-16-1.html @@ -0,0 +1,320 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-16-1

+
+
Date Reported:
+
September 15, 2005
+
Affected Package:
+
linux-2.6
+
Vulnerability:
+
several holes
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CAN-2005-2098 +CAN-2005-2099 +CAN-2005-2456 +CAN-2005-2617 +CAN-2005-1913 +CAN-2005-1761 +CAN-2005-2457 +CAN-2005-2458 +CAN-2005-2459 +CAN-2005-2548 +CAN-2004-2302 +CAN-2005-1765 +CAN-2005-1762 +CAN-2005-1761 +CAN-2005-2555 +
+
More information:
+
Several security related problems have been found in version 2.6 of the 
+linux kernel. The Common Vulnerabilities and Exposures project identifies 
+the following problems: 

+CAN-2004-2302 

+ Race condition in the sysfs_read_file and sysfs_write_file functions in 
+ Linux kernel before 2.6.10 allows local users to read kernel memory and 
+ cause a denial of service (crash) via large offsets in sysfs files. 

+CAN-2005-1761 

+ Vulnerability in the Linux kernel allows local users to cause a 
+ denial of service (kernel crash) via ptrace. 

+CAN-2005-1762 

+ The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 
+ platform allows local users to cause a denial of service (kernel crash) via 
+ a "non-canonical" address. 

+CAN-2005-1765 

+ syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when 
+ running in 32-bit compatibility mode, allows local users to cause a denial 
+ of service (kernel hang) via crafted arguments. 

+CAN-2005-1913 

+ When a non group-leader thread called exec() to execute a different program 
+ while an itimer was pending, the timer expiry would signal the old group 
+ leader task, which did not exist any more. This caused a kernel panic. 

+CAN-2005-2098  

+ The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 
+ 2.6.12.5 contains an error path that does not properly release the session 
+ management semaphore, which allows local users or remote attackers to cause 
+ a denial of service (semaphore hang) via a new session keyring (1) with an 
+ empty name string, (2) with a long name string, (3) with the key quota 
+ reached, or (4) ENOMEM. 

+CAN-2005-2099 

+ The Linux kernel before 2.6.12.5 does not properly destroy a keyring that 
+ is not instantiated properly, which allows local users or remote attackers 
+ to cause a denial of service (kernel oops) via a keyring with a payload 
+ that is not empty, which causes the creation to fail, leading to a null 
+ dereference in the keyring destructor. 

+CAN-2005-2456 

+ Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c 
+ in Linux kernel 2.6 allows local users to cause a denial of service (oops 
+ or deadlock) and possibly execute arbitrary code via a p->dir value that is 
+ larger than XFRM_POLICY_OUT, which is used as an index in the 
+ sock->sk_policy array. 

+CAN-2005-2457 

+ The driver for compressed ISO file systems (zisofs) in the Linux kernel 
+ before 2.6.12.5 allows local users and remote attackers to cause a denial 
+ of service (kernel crash) via a crafted compressed ISO file system. 

+CAN-2005-2458 

+ inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows 
+ remote attackers to cause a denial of service (kernel crash) via a 
+ compressed file with "improper tables". 

+CAN-2005-2459 

+ The huft_build function in inflate.c in the zlib routines in the Linux 
+ kernel before 2.6.12.5 returns the wrong value, which allows remote 
+ attackers to cause a denial of service (kernel crash) via a certain 
+ compressed file that leads to a null pointer dereference, a different 
+ vulnerbility than CAN-2005-2458. 

+CAN-2005-2548 

+ vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial 
+ of service (kernel oops from null dereference) via certain UDP packets that 
+ lead to a function call with the wrong argument, as demonstrated using 
+ snmpwalk on snmpd. 

+CAN-2005-2555 

+ Linux kernel 2.6.x does not properly restrict socket policy access to users 
+ with the CAP_NET_ADMIN capability, which could allow local users to conduct 
+ unauthorized activities via (1) ipv4/ip_sockglue.c and (2) 
+ ipv6/ipv6_sockglue.c. 

+CAN-2005-2617 

+ The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 
+ and later, on the amd64 architecture, does not check the return value of 
+ the insert_vm_struct function, which allows local users to trigger a memory 
+ leak via a 32-bit application with crafted ELF headers. 

+In addition this update fixes some security issues that have not been 
+assigned CVE ids: 

+ - Fix DST leak in icmp_push_reply(). Possible remote DoS? 

+ - NPTL signal delivery deadlock fix; possible local DoS. 
+  
+ - fix a memory leak in devices seq_file implementation; local DoS. 

+ - Fix SKB leak in ip6_input_finish(); local DoS. 
+
+
For the testing distribution (etch) this is fixed in version 2.6.12-6
+
For the unstable distribution (sid) this is fixed in version 2.6.12-6
+
+

+The Debian testing security team does not track security issues for the +stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, +the Debian security team will make an announcement once a fix is ready. +

+

+Your system does not need to be configured to use the Debian testing security +archive to install this update. The fixed kernel packages are available +in the regular Debian testing archive. +

+

+To install the update, first run this command as root: +

+

+ apt-get update +

+

+Next, install an appropriate kernel package for your architecture and +machine. The following kernel will work for all i386 machines: +

+

+ apt-get install linux-image-2.6-386 +

+

+However, you may prefer to install an optimised kernel for your machine: +

+

+ apt-get install linux-image-2.6-686
+ apt-get install linux-image-2.6-686-smp
+ apt-get install linux-image-2.6-k7
+ apt-get install linux-image-2.6-k7-smp
+

+

+For the amd64 architecture, chose one of these kernels: +

+

+ apt-get install linux-image-2.6-amd64-generic
+ apt-get install linux-image-2.6-amd64-k8
+ apt-get install linux-image-2.6-amd64-k8-smp
+

+

+For the powerpc architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-powerpc
+ apt-get install linux-image-2.6-powerpc-smp
+ apt-get install linux-image-2.6-powerpc64
+

+

+For the sparc architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-sparc64
+ apt-get install linux-image-2.6-sparc64-smp
+

+

+ (Note that users of 32 bit sparc systems are no longer supported by the + 2.6 kernel.) +

+

+For the alpha architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-alpha-generic
+ apt-get install linux-image-2.6-alpha-smp
+

+

+For the ia64 architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-itanium
+ apt-get install linux-image-2.6-itanium-smp
+ apt-get install linux-image-2.6-mckinley
+ apt-get install linux-image-2.6-mckinley-smp
+

+

+For the hppa architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-parisc
+ apt-get install linux-image-2.6-parisc-smp
+ apt-get install linux-image-2.6-parisc64
+ apt-get install linux-image-2.6-parisc64-smp
+

+

+For the s390 architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-s390
+ apt-get install linux-image-2.6-s390x
+

+

+For the arm architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-footbridge
+ apt-get install linux-image-2.6-ixp4xx
+ apt-get install linux-image-2.6-rpc
+ apt-get install linux-image-2.6-s3c2410
+

+

+For the m68k architecture, choose one of these kernels: +

+

+ apt-get install linux-image-2.6-amiga
+ apt-get install linux-image-2.6-atari
+ apt-get install linux-image-2.6-bvme6000
+ apt-get install linux-image-2.6-hp
+ apt-get install linux-image-2.6-mac
+ apt-get install linux-image-2.6-mvme147
+ apt-get install linux-image-2.6-mvme16x
+ apt-get install linux-image-2.6-q40
+ apt-get install linux-image-2.6-sun3
+

+

+Updated kernels are not yet available for the mips and mipsel +architectures. +

+

+Note that you may also need to upgrade third-party modules that are not +included in the kernel package. +

+

+Finally, reboot the system, taking care to boot the new 2.6.12 kernel with +your bootloader. +
+ + +

+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/list.html b/website/list.html index 3c35089c04..bd2cad3c66 100644 --- a/website/list.html +++ b/website/list.html @@ -67,6 +67,8 @@
several
[September 13th, 2005] DTSA-15-1 php4
several vulnerabilities
+
[September 15, 2005] DTSA-16-1 linux-2.6
+
various
-- cgit v1.2.3