blob: 01071cc69cfc4f404729aca918b932b719507ac4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
#use wml::debian::translation-check translation="1.3" maintainer=""
#pddp arteek
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 and 2.4.18 for the hppa
(PA-RISC) architecture. The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with this
update:</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003">CAN-2004-0003</a>
<p>A vulnerability has been discovered in the R128 DRI driver in the Linux
kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010">CAN-2004-0010</a>
<p>Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could
lead an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109">CAN-2004-0109</a>
<p>zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian
Krahmer and Ernie Petrides developed a correction for this.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177">CAN-2004-0177</a>
<p>Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178">CAN-2004-0178</a>
<p>Andreas Kies discovered a denial of service condition in the Sound
Blaster driver in Linux. He also developed a correction for this.</p>
</ul>
<p>These problems are also fixed by upstream in Linux 2.4.26 and will be
fixed in Linux 2.6.6.</p>
<p>For the stable distribution (woody) these problems have been fixed in
version 32.4 for Linux 2.4.17 and in version 62.3 for Linux 2.4.18.</p>
<p>For the unstable distribution (sid) these problems will be fixed soon.</p>
<p>We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2004/dsa-480.data"
|
