Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1928-1: New Linux 2.6.24 packages fix several vulnerabilities

    Date 05 Nov 2009
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
    Hash: SHA1
    - ----------------------------------------------------------------------
    Debian Security Advisory DSA-1928-1                This email address is being protected from spambots. You need JavaScript enabled to view it.                           Dann Frazier
    November 5, 2009          
    - ----------------------------------------------------------------------
    Package        : linux-2.6.24
    Vulnerability  : privilege escalation/denial of service/sensitive memory leak
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849
                     CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910
                     CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238
                     CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613
                     CVE-2009-3620 CVE-2009-3621
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service, sensitive memory leak or privilege
    escalation.  The Common Vulnerabilities and Exposures project
    identifies the following problems:
        Michael Buesch noticed a typing issue in the eisa-eeprom driver
        for the hppa architecture. Local users could exploit this issue to
        gain access to restricted memory.
        Ulrich Drepper noticed an issue in the do_sigalstack routine on
        64-bit systems. This issue allows local users to gain access to
        potentially sensitive memory on the kernel stack.
        Eric Dumazet discovered an issue in the execve path, where the
        clear_child_tid variable was not being properly cleared. Local
        users could exploit this issue to cause a denial of service
        (memory corruption).
        Neil Brown discovered an issue in the sysfs interface to md
        devices. When md arrays are not active, local users can exploit
        this vulnerability to cause a denial of service (oops).
        Mark Smith discovered a memory leak in the appletalk
        implementation.  When the appletalk and ipddp modules are loaded,
        but no ipddp"N" device is found, remote attackers can cause a
        denial of service by consuming large amounts of system memory.
        Loic Minier discovered an issue in the eCryptfs filesystem. A
        local user can cause a denial of service (kernel oops) by causing
        a dentry value to go negative.
        Arjan van de Ven discovered an issue in the AX.25 protocol
        implementation. A specially crafted call to setsockopt() can
        result in a denial of service (kernel oops).
        Jan Beulich discovered the existence of a sensitive kernel memory
        leak. Systems running the 'amd64' kernel do not properly sanitize
        registers for 32-bit processes.
        Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE
        802.2 LLC implementation. This is not exploitable in the Debian
        lenny kernel as root privileges are required to exploit this
        Eric Dumazet fixed several sensitive memory leaks in the IrDA,
        X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area
        Network (CAN) implementations. Local users can exploit these
        issues to gain access to kernel memory.
        Eric Dumazet reported an instance of uninitialized kernel memory
        in the network packet scheduler. Local users may be able to
        exploit this issue to read the contents of sensitive kernel
        Linus Torvalds provided a change to the get_random_int() function
        to increase its randomness.
        Eric Paris discovered an issue with the NFSv4 server
        implementation.  When an O_EXCL create fails, files may be left
        with corrupted permissions, possibly granting unintentional
        privileges to other local users.
        Earl Chew discovered a NULL pointer dereference issue in the
        pipe_rdwr_open function which can be used by local users to gain
        elevated privileges.
        Jiri Pirko discovered a typo in the initialization of a structure
        in the netlink subsystem that may allow local users to gain access
        to sensitive kernel memory.
        Alistair Strachan reported an issue in the r8169 driver. Remote
        users can cause a denial of service (IOMMU space exhaustion and
        system crash) by transmitting a large amount of jumbo frames.
        Ben Hutchings discovered an issue in the DRM manager for ATI Rage
        128 graphics adapters. Local users may be able to exploit this
        vulnerability to cause a denial of service (NULL pointer
        Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
        socket implementation. Local users can exploit this vulnerability
        to cause a denial of service (system hang).
    For the oldstable distribution (etch), this problem has been fixed in
    version 2.6.24-6~etchnhalf.9etch1.
    We recommend that you upgrade your linux-2.6.24 packages.
    Note: Debian 'etch' includes linux kernel packages based upon both the
    2.6.18 and 2.6.24 linux releases.  All known security issues are
    carefully tracked against both packages and both packages will receive
    security updates until security support for Debian 'etch'
    concludes. However, given the high frequency at which low-severity
    security issues are discovered in the kernel and the resource
    requirements of doing an update, lower severity 2.6.18 and 2.6.24
    updates will typically release in a staggered or "leap-frog" fashion.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Oldstable updates are available for alpha, amd64, hppa, i386, ia64, and mipsel.
    Updates for other architectures will be released as the they become available.
    Source archives:
        Size/MD5 checksum:     5118 11c39e0f0505c5a71453ba177ec2f780
        Size/MD5 checksum:  4062851 38835b393eaf53915dbee39ef0ef0bce
        Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af
    Architecture independent packages:
        Size/MD5 checksum:  4262022 bb1c503dcb847b700814d433cdddb1f9
        Size/MD5 checksum:    83302 2a8576eb3003b7ba1ead19ad7ef6ce0c
        Size/MD5 checksum:  1548296 3e044fb0d0bb8614f787f78fee86ce04
        Size/MD5 checksum: 46864328 20c0417498421842a7175074aea06a0f
        Size/MD5 checksum:    97672 b1aa55ab4464293f5dac5b38e05948bb
        Size/MD5 checksum:   964124 a40463a66e93920bdd639d2c70d870cb
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:    82894 819512914da24a2d82d471a17a6126ea
        Size/MD5 checksum:   332670 c249c0b58448936c450c26b1340994d0
        Size/MD5 checksum: 26758158 1a5497e6cd4f62b36f4cfdae9a606e24
        Size/MD5 checksum: 26737882 fc949e1dbc0d0c6c7688148babdfd5d1
        Size/MD5 checksum:  3454880 83a5e26b99def049eec7571242778961
        Size/MD5 checksum:   332158 8f3a3adf61a6e150763a383d4b566db2
        Size/MD5 checksum:   330952 0ec11881ba63842e135d3752a765177d
        Size/MD5 checksum:    82868 b5396790365bab5a2d032d1b3bece1ed
        Size/MD5 checksum: 27341634 d11f40ed34af0197de7f61ef07d30abb
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   354620 0decd6646f19383f6958e5d90b92e87b
        Size/MD5 checksum:    82864 2869e673de24c9741042e2bb37f84d58
        Size/MD5 checksum:  3650612 1b0f205b955558d402611693f783c495
        Size/MD5 checksum: 19598112 ed3b7a91d93a116a4b175d173ad0f078
        Size/MD5 checksum:    82872 c560fbca727844a090f88f9d6569ed0b
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    82992 1604c10382bd677723af0a811fdb466f
        Size/MD5 checksum:   258316 90502abd75a09ceed13a5efd22e996c5
        Size/MD5 checksum:  3445284 32e69244553a870750d771254d1c95bd
        Size/MD5 checksum:   258996 fc63f1ef7e55c899b9ef2d736bc5e648
        Size/MD5 checksum:   260542 97df4eda2fbd582dd6951bb1b7f31e85
        Size/MD5 checksum: 14830274 fb45fe9d1b77d908d5adbb353b211994
        Size/MD5 checksum:   261064 f5d2cbb6216c1ffebbd73153a75e75a5
        Size/MD5 checksum:    83020 103285de6aad099908a2fedbbca24069
        Size/MD5 checksum: 13847626 3c429ea0e61a446b3e7b13b943eafcb5
        Size/MD5 checksum: 14374844 760d7850faff110d14494c86095aa45c
        Size/MD5 checksum: 13335298 2b476692a155f3f735f3af76f7170cd8
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   358770 0778828f3b2061e293f3aabc0aa78315
        Size/MD5 checksum:   358342 3c8b34971bd6f2b69854328888aa4349
        Size/MD5 checksum: 19146708 1818f00a12bc38f393e6d84f71afae73
        Size/MD5 checksum:    82890 318cd7ef9d8b39d02da83a3a982f7c40
        Size/MD5 checksum: 19481866 bb86c9b5a4944b48492a38f81ea38026
        Size/MD5 checksum:  3655456 fb818a8696c619e5c9c7af73eec2b3c3
        Size/MD5 checksum:   358104 388750612fda29fb362771823e54993c
        Size/MD5 checksum: 19213920 bc5f6ef45349d25064125c5c34e78fde
        Size/MD5 checksum: 19215890 868b1eb9c46677d9d97d0678b4a21894
        Size/MD5 checksum:   346092 1874a566f494c8fa93946f7cdf71557f
        Size/MD5 checksum:    82864 321874f0f13b6e236c428568a492cb90
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:    82866 410b7f438b9b8468e3789058dcb31d63
        Size/MD5 checksum: 32208224 154e3adb6765a43a000dcb9f9256db56
        Size/MD5 checksum:  3568326 aa15646940c12e9f722d3668cca00270
        Size/MD5 checksum:    82888 31354bcffa90ddfd3dd3905f37b53685
        Size/MD5 checksum:   319102 7e62e5eadf5b3b8eecc22ccdfa57b19a
        Size/MD5 checksum:   319462 44040aba13eedc65922aa25a05fc8b86
        Size/MD5 checksum: 32025040 474e2842ef8f69677380db67882b0fb0
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum: 13317670 61df26ad246695fad18f2f76c3c5163f
        Size/MD5 checksum:  3804192 393d33cc947f3e091c5858ef9179a70a
        Size/MD5 checksum:   308984 157b8af3aa5634f7a516cdf5cc220836
        Size/MD5 checksum:   309750 d7ff28e982746494de3626cd747287c5
        Size/MD5 checksum: 21737172 78c5c433465bc97c6c16a49fea05b575
        Size/MD5 checksum:   246818 884f377e13d22f6633a49d4c0367f848
        Size/MD5 checksum:    82870 cacc5fac473c021a7e0c0f7103e1efc0
        Size/MD5 checksum:   246614 31c1c45fab75abb6221285c152b23cfd
        Size/MD5 checksum: 16567458 f1da961b02a1c60672349c1a9c19c9d1
        Size/MD5 checksum:    82916 4b4d12b65b14c90ac9dda0c6303f9f5c
        Size/MD5 checksum: 16631254 b956adbf57f77bc34f06ca58d0d6a73f
        Size/MD5 checksum: 26990038 bd115b24191672415033fb0d077e33e8
        Size/MD5 checksum:   247676 99d036e308655b4fb11d460fd50c4dd1
      These changes will probably be included in the oldstable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.