Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2303-2: New linux-2.6 packages fix regression

    Date 10 Sep 2011
    Posted By LinuxSecurity Advisories
    The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a regression that can result in an oops during invalid accesses to /proc//maps files.
    Hash: SHA1
    - ----------------------------------------------------------------------
    Debian Security Advisory DSA-2303-2                This email address is being protected from spambots. You need JavaScript enabled to view it.                           Dann Frazier
    September 10, 2011        
    - ----------------------------------------------------------------------
    Package        : linux-2.6
    Vulnerability  : privilege escalation/denial of service/information leak
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
                     CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
                     CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
                     CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
                     CVE-2011-3188 CVE-2011-3191
    Debian Bug     : 640966
    The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a
    regression that can result in an oops during invalid accesses to
    /proc//maps files.
    The text of the original advisory is reproduced for reference:
    Several vulnerabilities have been discovered in the Linux kernel that may lead
    to a denial of service or privilege escalation. The Common Vulnerabilities and
    Exposures project identifies the following problems:
        Kees Cook discovered an issue in the /proc filesystem that allows local
        users to gain access to sensitive process information after execution of a
        setuid binary.
        Ryan Sweat discovered an issue in the VLAN implementation. Local users may
        be able to cause a kernel memory leak, resulting in a denial of service.
        Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
        a process can register is not capped, resulting in local denial of service
        through resource exhaustion (cpu time and memory).
        Vasily Averin discovered an issue with the NFS locking implementation.  A
        malicious NFS server can cause a client to hang indefinitely in an unlock
        Marek Kroemeke and Filip Palian discovered that uninitialized struct
        elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
        memory through leaked stack memory.
        Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
        directory was world-readable, resulting in local information disclosure of
        information such as password lengths.
        Robert Swiecki discovered that mremap() could be abused for local denial of
        service by triggering a BUG_ON assert.
        Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
        which could lead to denial of service or privilege escalation.
        It was discovered that the netlink-based wireless configuration interface
        performed insufficient length validation when parsing SSIDs, resulting in
        buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
        denial of service.
        Ben Pfaff reported an issue in the network scheduling code. A local user
        could cause a denial of service (NULL pointer dereference) by sending a
        specially crafted netlink message.
        Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
        driver for the Si4713 FM Radio Transmitter driver used by N900 devices.
        Local users could exploit this issue to cause a denial of service or
        potentially gain elevated privileges.
        Brent Meshier reported an issue in the GRO (generic receive offload)
        implementation. This can be exploited by remote users to create a denial of
        service (system crash) in certain network device configurations.
        Christian Ohm discovered that the 'perf' analysis tool searches for its
        config files in the current working directory. This could lead to denial of
        service or potential privilege escalation if a user with elevated privileges
        is tricked into running 'perf' in a directory under the control of the
        Vasiliy Kulikov of Openwall discovered that a programming error in
        the Comedi driver could lead to the information disclosure through 
        leaked stack memory.
        Vince Weaver discovered that incorrect handling of software event overflows
        in the 'perf' analysis tool could lead to local denial of service.
        Timo Warns discovered that insufficient validation of Be filesystem images
        could lead to local denial of service if a malformed filesystem image is
        Dan Kaminsky reported a weakness of the sequence number generation in the
        TCP protocol implementation. This can be used by remote attackers to inject
        packets into an active session.
        Darren Lavender reported an issue in the Common Internet File System (CIFS).
        A malicious file server could cause memory corruption leading to a denial of
    This update also includes a fix for a regression introduced with the previous
    security fix for CVE-2011-1768 (Debian: #633738)
    For the stable distribution (squeeze), this problem has been fixed in version
    2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution
    (lenny) will be available soon.
    The following matrix lists additional source packages that were rebuilt for
    compatibility with or to take advantage of this update:
                                                 Debian 6.0 (squeeze)
         user-mode-linux                         2.6.32-1um-4+35squeeze2
    We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at:
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.