Debian: DSA-2310-1: linux-2.6 security update

    Date22 Sep 2011
    CategoryDebian
    42
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2310-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                              dann frazier
    September 22, 2011                     http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux-2.6
    Vulnerability  : privilege escalation/denial of service/information leak
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
                     CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
                     CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
                     CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
    Debian Bug     : 633738
    
    Several vulnerabilities have been discovered in the Linux kernel that may lead
    to a privilege escalation, denial of service or information leak.  The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2009-4067
    
        Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
        module, a driver for Auerswald PBX/System Telephone USB devices.  Attackers
        with physical access to a system's USB ports could obtain elevated
        privileges using a specially crafted USB device.
    
    CVE-2011-0712
    
        Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
        module, a USB driver for Native Instruments USB audio devices. Attackers
        with physical access to a system's USB ports could obtain elevated
        privileges using a specially crafted USB device.
    
    CVE-2011-1020
    
        Kees Cook discovered an issue in the /proc filesystem that allows local
        users to gain access to sensitive process information after execution of a
        setuid binary.
    
    CVE-2011-2209
    
        Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
        alpha architecture. Local users could obtain access to sensitive kernel
        memory.
        
    CVE-2011-2211
    
        Dan Rosenberg discovered an issue in the osf_wait4() system call on the
        alpha architecture permitting local users to gain elevated privileges.
    
    CVE-2011-2213
    
        Dan Rosenberg discovered an issue in the INET socket monitoring interface.
        Local users could cause a denial of service by injecting code and causing
        the kernel to execute an infinite loop.
    
    CVE-2011-2484
    
        Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
        a process can register is not capped, resulting in local denial of service
        through resource exhaustion (cpu time and memory).
    
    CVE-2011-2491
    
        Vasily Averin discovered an issue with the NFS locking implementation.  A
        malicious NFS server can cause a client to hang indefinitely in an unlock
        call.
    
    CVE-2011-2492
    
        Marek Kroemeke and Filip Palian discovered that uninitialized struct
        elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
        memory through leaked stack memory.
    
    CVE-2011-2495
    
        Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
        directory was world-readable, resulting in local information disclosure of
        information such as password lengths.
    
    CVE-2011-2496
    
        Robert Swiecki discovered that mremap() could be abused for local denial of
        service by triggering a BUG_ON assert.
    
    CVE-2011-2497
    
        Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
        which could lead to denial of service or privilege escalation.
    
    CVE-2011-2525
    
        Ben Pfaff reported an issue in the network scheduling code. A local user
        could cause a denial of service (NULL pointer dereference) by sending a
        specially crafted netlink message.
    
    CVE-2011-2928
    
        Timo Warns discovered that insufficient validation of Be filesystem images
        could lead to local denial of service if a malformed filesystem image is
        mounted.
    
    CVE-2011-3188
    
        Dan Kaminsky reported a weakness of the sequence number generation in the
        TCP protocol implementation. This can be used by remote attackers to inject
        packets into an active session.
    
    CVE-2011-3191
    
        Darren Lavender reported an issue in the Common Internet File System (CIFS).
        A malicious file server could cause memory corruption leading to a denial of
        service.
    
    This update also includes a fix for a regression introduced with the previous
    security fix for CVE-2011-1768 (Debian: #633738)
    
    For the oldstable distribution (lenny), this problem has been fixed in version
    2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be
    released as soon as possible. Updates for the hppa and ia64 architectures will
    be included in the upcoming 5.0.9 point release.
    
    The following matrix lists additional source packages that were rebuilt for
    compatibility with or to take advantage of this update:
    
                                                 Debian 5.0 (lenny)
         user-mode-linux                         2.6.26-1um-2+26lenny4
    
    We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
    These updates will not become active until after your system is rebooted.
    
    Note: Debian carefully tracks all known security issues across every
    linux kernel package in all releases under active security support.
    However, given the high frequency at which low-severity security
    issues are discovered in the kernel and the resource requirements of
    doing an update, updates for lower priority issues will normally not
    be released for all kernels at the same time. Rather, they will be
    released in a staggered or "leap-frog" fashion.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"14","type":"x","order":"1","pct":53.85,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":30.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.