Debian 4.0: DSA-2004-1 Critical: Kernel Escalation and DoS Issues

March 1, 2010
Debian has released a kernel update for etch that fixes several vulnerabilities and is the final planned security update for the 2.6.24 kernel series.

Summary

NOTE: This kernel update marks the final planned kernel security
update for the 2.6.24 kernel in the Debian release 'etch'. Although
security support for 'etch' officially ended on February 15th, 2010,
this update was already in preparation before that date.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2691

Steve Beattie and Kees Cook reported an information leak in the
maps and smaps files available under /proc. Local users may be
able to read this data for setuid processes while the ELF binary
is being loaded.

CVE-2009-2695

Eric Paris provided several fixes to increase the protection
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.

CVE-2009-3080

Dave Jones reported an issue in the gdth SCSI driver. A missing
check for negative of...


Severity: critical

Package: linux-2.6.24
