Linux Security
Linux Security
Linux Security

Debian: DSA-1928-1: New Linux 2.6.24 packages fix several vulnerabilities

Date 05 Nov 2009
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1928-1                This email address is being protected from spambots. You need JavaScript enabled to view it.                           Dann Frazier
November 5, 2009          
- ----------------------------------------------------------------------

Package        : linux-2.6.24
Vulnerability  : privilege escalation/denial of service/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849
                 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910
                 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238
                 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613
                 CVE-2009-3620 CVE-2009-3621

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation.  The Common Vulnerabilities and Exposures project
identifies the following problems:


    Michael Buesch noticed a typing issue in the eisa-eeprom driver
    for the hppa architecture. Local users could exploit this issue to
    gain access to restricted memory.


    Ulrich Drepper noticed an issue in the do_sigalstack routine on
    64-bit systems. This issue allows local users to gain access to
    potentially sensitive memory on the kernel stack.


    Eric Dumazet discovered an issue in the execve path, where the
    clear_child_tid variable was not being properly cleared. Local
    users could exploit this issue to cause a denial of service
    (memory corruption).


    Neil Brown discovered an issue in the sysfs interface to md
    devices. When md arrays are not active, local users can exploit
    this vulnerability to cause a denial of service (oops).


    Mark Smith discovered a memory leak in the appletalk
    implementation.  When the appletalk and ipddp modules are loaded,
    but no ipddp"N" device is found, remote attackers can cause a
    denial of service by consuming large amounts of system memory.


    Loic Minier discovered an issue in the eCryptfs filesystem. A
    local user can cause a denial of service (kernel oops) by causing
    a dentry value to go negative.


    Arjan van de Ven discovered an issue in the AX.25 protocol
    implementation. A specially crafted call to setsockopt() can
    result in a denial of service (kernel oops).


    Jan Beulich discovered the existence of a sensitive kernel memory
    leak. Systems running the 'amd64' kernel do not properly sanitize
    registers for 32-bit processes.


    Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE
    802.2 LLC implementation. This is not exploitable in the Debian
    lenny kernel as root privileges are required to exploit this


    Eric Dumazet fixed several sensitive memory leaks in the IrDA,
    X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area
    Network (CAN) implementations. Local users can exploit these
    issues to gain access to kernel memory.


    Eric Dumazet reported an instance of uninitialized kernel memory
    in the network packet scheduler. Local users may be able to
    exploit this issue to read the contents of sensitive kernel

    Linus Torvalds provided a change to the get_random_int() function
    to increase its randomness.


    Eric Paris discovered an issue with the NFSv4 server
    implementation.  When an O_EXCL create fails, files may be left
    with corrupted permissions, possibly granting unintentional
    privileges to other local users.


    Earl Chew discovered a NULL pointer dereference issue in the
    pipe_rdwr_open function which can be used by local users to gain
    elevated privileges.


    Jiri Pirko discovered a typo in the initialization of a structure
    in the netlink subsystem that may allow local users to gain access
    to sensitive kernel memory.


    Alistair Strachan reported an issue in the r8169 driver. Remote
    users can cause a denial of service (IOMMU space exhaustion and
    system crash) by transmitting a large amount of jumbo frames.


    Ben Hutchings discovered an issue in the DRM manager for ATI Rage
    128 graphics adapters. Local users may be able to exploit this
    vulnerability to cause a denial of service (NULL pointer


    Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
    socket implementation. Local users can exploit this vulnerability
    to cause a denial of service (system hang).

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.9etch1.

We recommend that you upgrade your linux-2.6.24 packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases.  All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, hppa, i386, ia64, and mipsel.
Updates for other architectures will be released as the they become available.

Source archives:
    Size/MD5 checksum:     5118 11c39e0f0505c5a71453ba177ec2f780
    Size/MD5 checksum:  4062851 38835b393eaf53915dbee39ef0ef0bce
    Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af

Architecture independent packages:
    Size/MD5 checksum:  4262022 bb1c503dcb847b700814d433cdddb1f9
    Size/MD5 checksum:    83302 2a8576eb3003b7ba1ead19ad7ef6ce0c
    Size/MD5 checksum:  1548296 3e044fb0d0bb8614f787f78fee86ce04
    Size/MD5 checksum: 46864328 20c0417498421842a7175074aea06a0f
    Size/MD5 checksum:    97672 b1aa55ab4464293f5dac5b38e05948bb
    Size/MD5 checksum:   964124 a40463a66e93920bdd639d2c70d870cb

alpha architecture (DEC Alpha)
    Size/MD5 checksum:    82894 819512914da24a2d82d471a17a6126ea
    Size/MD5 checksum:   332670 c249c0b58448936c450c26b1340994d0
    Size/MD5 checksum: 26758158 1a5497e6cd4f62b36f4cfdae9a606e24
    Size/MD5 checksum: 26737882 fc949e1dbc0d0c6c7688148babdfd5d1
    Size/MD5 checksum:  3454880 83a5e26b99def049eec7571242778961
    Size/MD5 checksum:   332158 8f3a3adf61a6e150763a383d4b566db2
    Size/MD5 checksum:   330952 0ec11881ba63842e135d3752a765177d
    Size/MD5 checksum:    82868 b5396790365bab5a2d032d1b3bece1ed
    Size/MD5 checksum: 27341634 d11f40ed34af0197de7f61ef07d30abb

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   354620 0decd6646f19383f6958e5d90b92e87b
    Size/MD5 checksum:    82864 2869e673de24c9741042e2bb37f84d58
    Size/MD5 checksum:  3650612 1b0f205b955558d402611693f783c495
    Size/MD5 checksum: 19598112 ed3b7a91d93a116a4b175d173ad0f078
    Size/MD5 checksum:    82872 c560fbca727844a090f88f9d6569ed0b

hppa architecture (HP PA RISC)
    Size/MD5 checksum:    82992 1604c10382bd677723af0a811fdb466f
    Size/MD5 checksum:   258316 90502abd75a09ceed13a5efd22e996c5
    Size/MD5 checksum:  3445284 32e69244553a870750d771254d1c95bd
    Size/MD5 checksum:   258996 fc63f1ef7e55c899b9ef2d736bc5e648
    Size/MD5 checksum:   260542 97df4eda2fbd582dd6951bb1b7f31e85
    Size/MD5 checksum: 14830274 fb45fe9d1b77d908d5adbb353b211994
    Size/MD5 checksum:   261064 f5d2cbb6216c1ffebbd73153a75e75a5
    Size/MD5 checksum:    83020 103285de6aad099908a2fedbbca24069
    Size/MD5 checksum: 13847626 3c429ea0e61a446b3e7b13b943eafcb5
    Size/MD5 checksum: 14374844 760d7850faff110d14494c86095aa45c
    Size/MD5 checksum: 13335298 2b476692a155f3f735f3af76f7170cd8

i386 architecture (Intel ia32)
    Size/MD5 checksum:   358770 0778828f3b2061e293f3aabc0aa78315
    Size/MD5 checksum:   358342 3c8b34971bd6f2b69854328888aa4349
    Size/MD5 checksum: 19146708 1818f00a12bc38f393e6d84f71afae73
    Size/MD5 checksum:    82890 318cd7ef9d8b39d02da83a3a982f7c40
    Size/MD5 checksum: 19481866 bb86c9b5a4944b48492a38f81ea38026
    Size/MD5 checksum:  3655456 fb818a8696c619e5c9c7af73eec2b3c3
    Size/MD5 checksum:   358104 388750612fda29fb362771823e54993c
    Size/MD5 checksum: 19213920 bc5f6ef45349d25064125c5c34e78fde
    Size/MD5 checksum: 19215890 868b1eb9c46677d9d97d0678b4a21894
    Size/MD5 checksum:   346092 1874a566f494c8fa93946f7cdf71557f
    Size/MD5 checksum:    82864 321874f0f13b6e236c428568a492cb90

ia64 architecture (Intel ia64)
    Size/MD5 checksum:    82866 410b7f438b9b8468e3789058dcb31d63
    Size/MD5 checksum: 32208224 154e3adb6765a43a000dcb9f9256db56
    Size/MD5 checksum:  3568326 aa15646940c12e9f722d3668cca00270
    Size/MD5 checksum:    82888 31354bcffa90ddfd3dd3905f37b53685
    Size/MD5 checksum:   319102 7e62e5eadf5b3b8eecc22ccdfa57b19a
    Size/MD5 checksum:   319462 44040aba13eedc65922aa25a05fc8b86
    Size/MD5 checksum: 32025040 474e2842ef8f69677380db67882b0fb0

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum: 13317670 61df26ad246695fad18f2f76c3c5163f
    Size/MD5 checksum:  3804192 393d33cc947f3e091c5858ef9179a70a
    Size/MD5 checksum:   308984 157b8af3aa5634f7a516cdf5cc220836
    Size/MD5 checksum:   309750 d7ff28e982746494de3626cd747287c5
    Size/MD5 checksum: 21737172 78c5c433465bc97c6c16a49fea05b575
    Size/MD5 checksum:   246818 884f377e13d22f6633a49d4c0367f848
    Size/MD5 checksum:    82870 cacc5fac473c021a7e0c0f7103e1efc0
    Size/MD5 checksum:   246614 31c1c45fab75abb6221285c152b23cfd
    Size/MD5 checksum: 16567458 f1da961b02a1c60672349c1a9c19c9d1
    Size/MD5 checksum:    82916 4b4d12b65b14c90ac9dda0c6303f9f5c
    Size/MD5 checksum: 16631254 b956adbf57f77bc34f06ca58d0d6a73f
    Size/MD5 checksum: 26990038 bd115b24191672415033fb0d077e33e8
    Size/MD5 checksum:   247676 99d036e308655b4fb11d460fd50c4dd1

  These changes will probably be included in the oldstable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.