Linux Security

Debian: DSA-1927-1: New Linux 2.6.26 packages fix several vulnerabilities

Date 05 Nov 2009
Posted By LinuxSecurity Advisories

----------------------------------------------------------------------
Debian Security Advisory DSA-1927-1                        dann frazier
November 5, 2009
----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/sensitive memory leak
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612
                 CVE-2009-3620 CVE-2009-3621 CVE-2009-3638

Notice: Debian 5.0.4, the next point release of Debian 'lenny', will
include a new default value for the mmap_min_addr tunable.  This
change will add an additional safeguard against a class of security
vulnerabilities known as "NULL pointer dereference" vulnerabilities,
but it will need to be overridden when using certain applications.
Additional information about this change, including instructions for
making this change locally in advance of 5.0.4 (recommended), can be
found at:

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation.  The Common Vulnerabilities and Exposures project
identifies the following problems:


    Eric Dumazet reported an instance of uninitialized kernel memory
    in the network packet scheduler. Local users may be able to
    exploit this issue to read the contents of sensitive kernel

    Linus Torvalds provided a change to the get_random_int() function
    to increase its randomness.


    Earl Chew discovered a NULL pointer dereference issue in the
    pipe_rdwr_open function which can be used by local users to gain
    elevated privileges.


    Jiri Pirko discovered a typo in the initialization of a structure
    in the netlink subsystem that may allow local users to gain access
    to sensitive kernel memory.


    Ben Hutchings discovered an issue in the DRM manager for ATI Rage
    128 graphics adapters. Local users may be able to exploit this
    vulnerability to cause a denial of service (NULL pointer


    Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
    socket implementation. Local users can exploit this vulnerability
    to cause a denial of service (system hang).


    David Wagner reported an overflow in the KVM subsystem on i386
    systems. This issue is exploitable by local users with access to
    the /dev/kvm device file.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-19lenny2.

For the oldstable distribution (etch), these problems, where
applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

                                             Debian 5.0 (lenny)
     user-mode-linux                         2.6.26-1um-2+19lenny2

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
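
To check the mmap_min_addr safeguard described in the notice at the top of this advisory, here is an added example (not part of the Debian advisory) that compares the running value with the persistent sysctl configuration. The function names, verdict labels, the sample value 4096 and the assumed file read order are illustrative assumptions, not taken from the advisory.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr at runtime and in persistent config.
# A value of 0 allows page zero to be mapped, which removes the safeguard
# against NULL pointer dereference bugs that the notice refers to.

# Constructed sample configuration (not from the advisory).
SAMPLE_CONF='# constructed sample
vm.mmap_min_addr = 0
; a later line overrides the earlier one
vm/mmap_min_addr=4096
kernel.sysrq = 0'

# Read sysctl.conf-style text on stdin; print the last value assigned to
# vm.mmap_min_addr, or nothing when the key is never set.
effective_setting() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)
            if (key == "vm.mmap_min_addr") last = val
        }
        END { if (last != "") print last }'
}

# classify RUNTIME PERSISTENT: print a one-word verdict.
classify() {
    runtime=$1; persistent=$2
    case $runtime in ''|*[!0-9]*) echo unknown; return ;; esac
    if [ "$runtime" -eq 0 ]; then echo unprotected; return; fi
    case $persistent in
        '')       echo protected-not-pinned ;;  # relies on the kernel default
        *[!0-9]*) echo unknown ;;
        *)        if [ "$persistent" -eq 0 ]; then echo reverts-on-reboot
                  else echo protected; fi ;;
    esac
}

# Audit this host. Assumes /etc/sysctl.conf is applied before sysctl.d files.
audit_host() {
    run=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null || true)
    cfg=$(cat /etc/sysctl.conf /etc/sysctl.d/*.conf 2>/dev/null | effective_setting)
    classify "$run" "$cfg"
}

echo "sample config sets: $(printf '%s\n' "$SAMPLE_CONF" | effective_setting)"
echo "this host: $(audit_host)"
```

A verdict of `reverts-on-reboot` means the running value is non-zero but a configuration file will set it back to 0 at the next boot.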

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, armel, hppa, i386,
ia64, and powerpc. Updates for other architectures will be released
as they become available.


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and
