Debian: DSA-1915-1 Critical: Linux Kernel Privilege Escalation Threat
debian
October 23, 2009
Notice: Debian 5.0.4, the next point release of Debian 'lenny', will include a new default value for the mmap_min_addr tunable
Topics Covered
Summary
Notice: Debian 5.0.4, the next point release of Debian 'lenny',
will include a new default value for the mmap_min_addr tunable.
This change will add an additional safeguard against a class of security
vulnerabilities known as "NULL pointer dereference" vulnerabilities, but
it will need to be overridden when using certain applications.
Additional information about this change, including instructions for
making this change locally in advance of 5.0.4 (recommended), can be
found at:
https://wiki.debian.org/mmap_min_addr
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege escalation.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-2695
Eric Paris provided several fixes to increase the protection
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.
CVE-2009-2903
Mark Smith discovered a memory leak in the appletalk
impleme...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: linux-2.6
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!