Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2004-1: New Linux 2.6.24 packages fix several vulnerabilities

    Date 28 Feb 2010
    Posted By LinuxSecurity Advisories
    NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date.
    Hash: SHA1
    - ----------------------------------------------------------------------
    Debian Security Advisory DSA-2004-1                This email address is being protected from spambots. You need JavaScript enabled to view it.                           Dann Frazier
    February 27, 2010         
    - ----------------------------------------------------------------------
    Package        : linux-2.6.24
    Vulnerability  : privilege escalation/denial of service/sensitive memory leak
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
                     CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
                     CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
                     CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410
                     CVE-2010-0415 CVE-2010-0622
    NOTE: This kernel update marks the final planned kernel security
    update for the 2.6.24 kernel in the Debian release 'etch'.  Although
    security support for 'etch' officially ended on Feburary 15th, 2010,
    this update was already in preparation before that date.
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service, sensitive memory leak or privilege
    escalation.  The Common Vulnerabilities and Exposures project
    identifies the following problems:
        Steve Beattie and Kees Cook reported an information leak in the
        maps and smaps files available under /proc. Local users may be
        able to read this data for setuid processes while the ELF binary
        is being loaded.
        Eric Paris provided several fixes to increase the protection
        provided by the mmap_min_addr tunable against NULL pointer
        dereference vulnerabilities.
        Dave Jones reported an issue in the gdth SCSI driver. A missing
        check for negative offsets in an ioctl call could be exploited by
        local users to create a denial of service or potentially gain
        elevated privileges.
        Trond Myklebust reported an issue where a malicious NFS server
        could cause a denial of service condition on its clients by
        returning incorrect attributes during an open call.
        Joe Malicki discovered an issue in the megaraid_sas driver.
        Insufficient permissions on the sysfs dbg_lvl interface allow
        local users to modify the debug logging behavior.
        Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
        driver for Colognechip HFC-S USB chip. A potential read overflow
        exists which may allow remote users to cause a denial of service
        condition (oops).
        Amerigo Wang discovered an issue in the HFS filesystem that would
        allow a denial of service by a local user who has sufficient
        privileges to mount a specially crafted filesystem.
        Anana V. Avati discovered an issue in the fuse subsystem. If the
        system is sufficiently low on memory, a local user can cause the
        kernel to dereference an invalid pointer resulting in a denial of
        service (oops) and potentially an escalation of privileges.
        Jay Fenlason discovered an issue in the firewire stack that allows
        local users to cause a denial of service (oops or crash) by making
        a specially crafted ioctl call.
        Ted Ts'o discovered an issue in the ext4 filesystem that allows
        local users to cause a denial of service (NULL pointer
        dereference).  For this to be exploitable, the local user must
        have sufficient privileges to mount a filesystem.
    CVE-2009-4536 & CVE-2009-4538
        Fabian Yamaguchi reported issues in the e1000 and e1000e drivers
        for Intel gigabit network adapters which allow remote users to
        bypass packet filters using specially crafted Ethernet frames.
        Andi Kleen reported a defect which allows local users to gain read
        access to memory reachable by the kernel when the
        print-fatal-signals option is enabled. This option is disabled by
        Florian Westphal reported a lack of capability checking in the
        ebtables netfilter subsystem. If the ebtables module is loaded,
        local users can add and modify ebtables rules.
        Al Viro reported several issues with the mmap/mremap system calls
        that allow local users to cause a denial of service (system panic)
        or obtain elevated privileges.
         Sebastian Krahmer discovered an issue in the netlink connector
         subsystem that permits local users to allocate large amounts of
         system memory resulting in a denial of service (out of memory).
        Ramon de Carvalho Valle discovered an issue in the sys_move_pages
        interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
        Local users can exploit this issue to cause a denial of service
        (system crash) or gain access to sensitive kernel memory.
        Jermome Marchand reported an issue in the futex subsystem that
        allows a local user to force an invalid futex state which results
        in a denial of service (oops).
    For the oldstable distribution (etch), this problem has been fixed in
    version 2.6.24-6~etchnhalf.9etch3.
    We recommend that you upgrade your linux-2.6.24 packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Oldstable updates are available for alpha, amd64, arm, hppa, i386,
    ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:     5118 e05bb21e7655cbfa39aed8d4fd6842eb
        Size/MD5 checksum:  4099250 127bad8d653046d37fc52115d4e3a332
        Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af
    Architecture independent packages:
        Size/MD5 checksum:  4263554 6c56ff077d17eba766af47544ce0f414
        Size/MD5 checksum:    83890 62cfd18ed176359831502e70d80b291a
        Size/MD5 checksum: 46871628 328ad30d3c07f90c56d821f76e186b40
        Size/MD5 checksum:  1550090 1f114fdc3123f135017dbdcd0e4839c6
        Size/MD5 checksum:  1009878 c7b7abff092940a400703b9168e46daa
        Size/MD5 checksum:    98248 a2a391008f8855d8358d5f18d9d76044
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   329786 a212d2b3a94f8a04611c0f20d3d324b9
        Size/MD5 checksum: 27236282 b5bc553c4bf3a49843c45814fab72443
        Size/MD5 checksum:    83428 f5f27b9de4905239e6315c77393f1f03
        Size/MD5 checksum:    83454 5d152b5b6aa505982ebc7122a770b29b
        Size/MD5 checksum: 26641900 c799e7d48937975036b46edf032ecd87
        Size/MD5 checksum: 26620162 eb1c3c27f1ac81959dc0f2ab497aee35
        Size/MD5 checksum:  3455268 da2d2cc2b7c4253ac408c30fcfddb28f
        Size/MD5 checksum:   329788 f589f8815f7adf02f8884e2dd3ac613f
        Size/MD5 checksum:   329336 14bf085655b30adc8ab8f6ed4207d415
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum: 19482308 c49d2962c1a391fb00fb1b5f0598b24e
        Size/MD5 checksum:  3656476 f2f5de65037664d03208fcea83bf2ee2
        Size/MD5 checksum:    83422 600c7216143f43f9c61b0c2ccd118ea0
        Size/MD5 checksum:    83434 36f1d8f21ec39a473536dbeda2332e62
        Size/MD5 checksum:   346940 d3f12fdd61f90749fdd08d857b326327
    arm architecture (ARM)
        Size/MD5 checksum:  9357734 3e1165a0795d7db5f7ed8ef84205064b
        Size/MD5 checksum:   298744 50d8bfa3c06134e190409399a36c5aa9
        Size/MD5 checksum:    83546 1742ab93afadd1827009bf1d714e76eb
        Size/MD5 checksum:    83578 07906e33f9ad267d986991c93eef1048
        Size/MD5 checksum: 10778670 cc38a718ad5fd1c6e92d23e416610bd6
        Size/MD5 checksum:   308138 34dbc7720b1844833f0b71aa307c37fa
        Size/MD5 checksum:   310714 6a2c6fbbc1dd000b8a532227e3b8b5ae
        Size/MD5 checksum:  3939512 91c2ba626e754fe407d6dcf3fa01337a
        Size/MD5 checksum: 10786892 4d44a4ff751969855a01ad754a7c2b22
    hppa architecture (HP PA RISC)
        Size/MD5 checksum: 14375048 fe6ed4dea09aa205d801476667ef03cb
        Size/MD5 checksum: 13847788 4adc3106a987d84e12215156a379f460
        Size/MD5 checksum:   259624 ac09dcabb624984b7321a5f6b6dbef54
        Size/MD5 checksum:    83578 e152e18748e5c80b6d06715db836cf83
        Size/MD5 checksum:   260838 44bc8ad5796c124b53d85a8c3a4ed912
        Size/MD5 checksum:   262420 ff0641f04c409dd606c34373e8e16269
        Size/MD5 checksum: 14830990 cce09e8022bee915dcde5dd8b9525428
        Size/MD5 checksum: 13333594 a4dc863b0c84b9006c723db9a581c92e
        Size/MD5 checksum:    83546 990eb24056c7f6a63a4d55ec39563bae
        Size/MD5 checksum:  3446386 6ebfa4544252648df48cfb085cc3d2cc
        Size/MD5 checksum:   258962 75184bed1f0b42cd8e002f93ed42198a
    i386 architecture (Intel ia32)
        Size/MD5 checksum:  3656680 c5499cb98cdcdcadc48e3aa5bdf1d379
        Size/MD5 checksum: 19214268 e3f564cae5a85355f4b5a9248a11af98
        Size/MD5 checksum: 19148424 dd1d713c896888370a1667a16571c08c
        Size/MD5 checksum:   346982 6a6a08f74f9690705e6d770d1f3f2566
        Size/MD5 checksum:   359548 b10fe011746b0df5fbd2587292af34ae
        Size/MD5 checksum: 19482314 5d9cc150e340aea40e253a757cfdc423
        Size/MD5 checksum:    83452 32a1614212e964a4423b161b34cd758d
        Size/MD5 checksum: 19213598 4f459c2d2cdb87a6f945cbee7d4500d4
        Size/MD5 checksum:   358212 58ba32b0701643f043ab38a487cae609
        Size/MD5 checksum:    83424 c1e8493aff96df5b0fe33f5af4686f98
        Size/MD5 checksum:   358752 4e3e9ef18a14fd191444591df571f80c
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:  3569470 9ae824064bfc785f4b3512db78119e46
        Size/MD5 checksum: 32206374 badd40dd68e2c6634c65f79d9536e34d
        Size/MD5 checksum:    83432 64a48fa9283b1741e22f0a22dbb93b20
        Size/MD5 checksum:    83456 235a5572d5e109a4b575080a8262dc57
        Size/MD5 checksum:   319938 d7dc0120458e93119879dcdd1e48017e
        Size/MD5 checksum: 32025762 7595d7dc21d3273f46b35b8c00b0e195
        Size/MD5 checksum:   320226 34731a37b519d726b133093e04d937c3
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum: 22243472 532341ea0847ea19414413f7659ff13d
        Size/MD5 checksum:   248638 ce9da5c377d6328e9bb9be1c3945fff8
        Size/MD5 checksum: 12001172 817c44fd5afbeef1b9f172522ff21bcb
        Size/MD5 checksum: 10553972 20ddd95631b93efd52ae0aa38a5cd6d4
        Size/MD5 checksum:    83600 a7b66d71779dea207a3d49cb9f692fdb
        Size/MD5 checksum: 27858364 54998117445c20f413331d1197355745
        Size/MD5 checksum: 17212542 bf6c996fd387eef151e0db60d1bd00f2
        Size/MD5 checksum:   313302 314b57dc807eb91f617c10b1497e1617
        Size/MD5 checksum:   314602 2c127076bf189be2836a4c3a4c7736af
        Size/MD5 checksum:  3804368 fbcb3bdd668db166ad3f08e6dbfbc6e0
        Size/MD5 checksum: 17194888 9bce41a8b9936a16a3aa9cca675b9638
        Size/MD5 checksum:    83540 8acdb1b4a4bc57f55b9cc5b2b04043a4
        Size/MD5 checksum:   229412 0b93c7c909eca04fad4fa45e3e73e96c
        Size/MD5 checksum:   248700 13266a2acd5fcbd75d11049dd5e5ad58
        Size/MD5 checksum:   218314 4174dec1c73ca114469cbb88fba32926
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum: 16567710 29d2ab68b4259a1822a2ca19e9494f5d
        Size/MD5 checksum:   309868 d69b27ef946f2ac62b115e0200fe8002
        Size/MD5 checksum: 26988356 f0d885b353b15dc42e4e76da8a8fb129
        Size/MD5 checksum:   248150 7c585f74e0752a631050b13b9740c0c3
        Size/MD5 checksum: 13318088 0b0a8b724245ac10817b03c4cf734827
        Size/MD5 checksum:    83484 a678208f18017a9c87d45548916fd98e
        Size/MD5 checksum:   311392 5b1f0957a2756b04be6c95ae8ca5e2c8
        Size/MD5 checksum: 21736368 02da1a4e543b8c5082476b156281cb31
        Size/MD5 checksum:   247968 929ca712a0aa0984f9dc2a6f68f405a5
        Size/MD5 checksum: 16632240 c9de1dfccb8a5cb5d5d652ca694a7108
        Size/MD5 checksum:  3805532 be10a8b64da3adf7ece3846b0b0bf930
        Size/MD5 checksum:    83434 ac0cb9b5939e4ea82c3c83a1a1d473ed
        Size/MD5 checksum:   248174 50e84058a7d710f013f92e1fe68a705c
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   322474 2d7e39cf0b78d98125a0baba377f1af0
        Size/MD5 checksum: 19195556 bb2bd8e203cee7b3c6739d5c5d11901a
        Size/MD5 checksum:   324008 3b021bb4b3dac72dc68e701f4a209939
        Size/MD5 checksum:   295928 ca2bf1c3c12f409e469c516877a8e91c
        Size/MD5 checksum: 21170062 4022dbff73ebfde3a846ce38896cf09c
        Size/MD5 checksum:   322502 4b76cce255e1fcc72cb82053cd34a1a2
        Size/MD5 checksum: 17459240 ad749c6e735e58d775b7190ff3d26e50
        Size/MD5 checksum:    83466 a041c0fdb383832cf725723ce22e40c0
        Size/MD5 checksum:    83430 392d415932625b1a69dc6494d2f737e0
        Size/MD5 checksum:  3674486 200fdcca2140a97f961a37d70db620d5
        Size/MD5 checksum: 19487244 b42ad8431643d89a1f8b0e6e0aaeb39e
    s390 architecture (IBM S/390)
        Size/MD5 checksum:    83532 a1c34683fe304f1a86bbc28f6cbc654c
        Size/MD5 checksum:    83556 bf7fed1ef4da92d782409fe8345f861a
        Size/MD5 checksum:  6976486 5b5db16fea4336068bbcd5bff56ad575
        Size/MD5 checksum:  7228452 75c044fa17d6071de36579a1491c2e1b
        Size/MD5 checksum:  3431908 18825f85900faca81b21e48d43af6ee7
        Size/MD5 checksum:   197006 0a44248e77ec1ff027edd032ebe5b2c6
        Size/MD5 checksum:  1503494 bd7f7b7bd4e120472bf60ad0b7d9184e
        Size/MD5 checksum:   196810 f03114c2f256a97b15f88d2659f9501b
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:    83428 1ea7179752fbb45e10e731991583db68
        Size/MD5 checksum:   263546 ef894d6917cbe692ec9197048538d5e7
        Size/MD5 checksum:  3651402 a0194c650712040f81e97d5b3b62bc79
        Size/MD5 checksum:   264892 0b642e20f00b52c20b6ae9e0ee1f78b8
        Size/MD5 checksum:    83442 6d109d7f131dab564736e2ac6a85dd29
        Size/MD5 checksum: 13318532 dbce062bfa560c331b75bed073868e1d
        Size/MD5 checksum: 13019464 b0b153fafa43b650e996a9d84bbb26d7
      These changes will probably be included in the oldstable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    Which is the best secure Linux distro for pentesting?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"174","title":"Kali Linux","votes":"15","type":"x","order":"1","pct":57.69,"resources":[]},{"id":"175","title":"Parrot OS","votes":"10","type":"x","order":"2","pct":38.46,"resources":[]},{"id":"176","title":"BlackArch Linux","votes":"1","type":"x","order":"3","pct":3.85,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.