Linux Security
Linux Security
Linux Security

Debian: Linux 2.6.18 fix several vulnerabilities DSA-1687-1

Date 15 Dec 2008
Posted By LinuxSecurity Advisories
Tavis Ormandy reported a local DoS and potential privilege escalation in the Virtual Dynamic Shared Objects (vDSO) implementation.
- ----------------------------------------------------------------------
Debian Security Advisory DSA-1687-1                This email address is being protected from spambots. You need JavaScript enabled to view it.                           dann frazier
Dec 15, 2008              
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576
                 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
                 CVE-2008-5079 CVE_2008-5182 CVE-2008-5300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following


    Tavis Ormandy reported a local DoS and potential privilege
    escalation in the Virtual Dynamic Shared Objects (vDSO)


    Eugene Teo reported a local DoS issue in the ext2 and ext3
    filesystems.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to output error messages in an
    infinite loop.


    Milos Szeredi reported that the usage of splice() on files opened
    with O_APPEND allows users to write to the file at arbitrary
    offsets, enabling a bypass of possible assumed semantics of the
    O_APPEND flag.


    Vlad Yasevich reported an issue in the SCTP subsystem that may
    allow remote users to cause a local DoS by triggering a kernel


    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to overrun a buffer, resulting
    in a system oops or memory corruption.


    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that results in a kernel oops due to an unchecked
    return value.


    Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
    Local users who have been granted the privileges necessary to
    mount a filesystem would be able to craft a filesystem with a
    corrupted catalog name length, resulting in a system oops or
    memory corruption.


    Andrea Bittau reported a DoS issue in the unix socket subsystem
    that allows a local user to cause memory corruption, resulting in
    a kernel panic.


    Hugo Dias reported a DoS condition in the ATM subsystem that can
    be triggered by a local user by calling the svc_listen function
    twice on the same socket and reading /proc/net/atm/*vc.


    Al Viro reported race conditions in the inotify subsystem that may
    allow local users to acquire elevated privileges.


    Dann Frazier reported a DoS condition that allows local users to
    cause the out of memory handler to kill off privileged processes
    or trigger soft lockups due to a starvation issue in the unix
    socket subsystem.

For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-23etch1.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases.  All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatability with or to take advantage of this update:

                                             Debian 4.0 (etch)
     fai-kernels                             1.17+etch.23etch1
     user-mode-linux                         2.6.18-1um-2etch.23etch1

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:    19360 f0384a843ffc8952cbff2e25fe627a6b
    Size/MD5 checksum:  5413401 4a10af0cabdc8530b9c0d72891db9a42
    Size/MD5 checksum:    14435 4d10c30313e11a24621f7218c31f3582
    Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060
    Size/MD5 checksum:    57771 c453400f733526582aa19eec52109711
    Size/MD5 checksum:      740 f36c4fb705e5b9c7d698421d0aacf047
    Size/MD5 checksum:     5672 8293966d44f0bf254e9f9f5ed1630542
    Size/MD5 checksum:      892 c7b86a1845bc273e6a7f0471e0555e58

Architecture independent packages:
    Size/MD5 checksum:  1682698 9a53cd9991cfb454d638dbad8cea00b3
    Size/MD5 checksum: 41465432 23de1cd9c2a0fbb63065f924e5a9d00f
    Size/MD5 checksum:  3591554 d533d238b7e6864a72d0161a26ebb31a
    Size/MD5 checksum:    56918 822b3798ded87ac2b2729e55d410084e
    Size/MD5 checksum:  1090466 1f40c0abee8e501ef9ec411045f542f5
    Size/MD5 checksum:  3720252 97794d565ab5db3db6cba485c2af80f0

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   269882 c508165b7055b5193accbb4cdc037671
    Size/MD5 checksum: 23468062 084f93a39246bf56e459ce5c831e0f36
    Size/MD5 checksum:   270122 e14bc28b97a2ef24f619b5e16d72f175
    Size/MD5 checksum:   270508 c85a852e5eaddd497fa52df9f54c426f
    Size/MD5 checksum: 23540558 a415d6aa887683a04706d9a6274549ed
    Size/MD5 checksum:    56324 ffaae9d352af3b89e8166e2751ff3e47
    Size/MD5 checksum:    56358 913ae5005ebdf8f65944e0f86d5f5242
    Size/MD5 checksum:  3030252 2d943108a84cc4a642465732859ee59d
    Size/MD5 checksum:   269298 0e763ecd42cc9c8dca46a4abc14754ce
    Size/MD5 checksum:  3055080 07159b547402fc8e14b8a02e0310a1c3
    Size/MD5 checksum: 23846502 aebc7b1a914bae3eec6c5ce06eae800a
    Size/MD5 checksum: 23488466 177f9079cdaa79bb409b8f79ad91db2f

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:  3170560 255cf26cc9f2a0caa6ce02fda46d7070
    Size/MD5 checksum: 15263274 af1df9c75bc768c64ce052962d81b8e7
    Size/MD5 checksum:    56316 13388b32d4f08245e24a3055ad369d6a
    Size/MD5 checksum:   274084 1446f3f108c3ef6f710e1c83bdc7794c
    Size/MD5 checksum: 16865488 e74a4409424bc37afd3cf8d84e7a88ef
    Size/MD5 checksum:   273434 88baa6c7c91768f11cf7356963f0bb21
    Size/MD5 checksum:  3359676 1fe292880b5f92a74e6bca61695082f3
    Size/MD5 checksum:    56338 a5bcb5abdc16f269afeb96d50f725136
    Size/MD5 checksum: 15276526 f2eec94a9296818d23e1e970abc78d37
    Size/MD5 checksum:  5965696 94d7fd7aa223d2f54bcb64cbf553b299
    Size/MD5 checksum:  3193726 368d1927a908710ac8a243776e32c3d5
    Size/MD5 checksum:  3336820 46a4ddc2261240174c15cc854ed4ff08
    Size/MD5 checksum:  1654746 c4a5b2789d28ab76a9bedebf0a8916c8
    Size/MD5 checksum: 16821542 978c7d8f1be5b7489a9e566cfc91acc1
    Size/MD5 checksum:    56294 3fa8984302102d25341ed91540c6ed1f
    Size/MD5 checksum:  1687270 8da6624be3045a0a6893d6038db454e3
    Size/MD5 checksum:   273164 985a1e8e8719d786b32db0162f999b2f
    Size/MD5 checksum:   273524 f00fff5b0c7480e6e16a32d9ccaa2c03
    Size/MD5 checksum:    56306 93073a5b9a30ea081f0e9c12c6488d62

arm architecture (ARM)
    Size/MD5 checksum:  8874552 a280220d21fc5f33397ceccb611b16d3
    Size/MD5 checksum:   236070 b8d951c3d18f5850af73db2d5afe93a6
    Size/MD5 checksum:   235742 5212f40bfeace58989418ae3d8eb6e85
    Size/MD5 checksum:   201472 d25b41af0a2f65cd399c754855680087
    Size/MD5 checksum:  4591646 e2480d80466cb9dd0f6a225d25c256a6
    Size/MD5 checksum:  5015244 e0db634e60cfd8182051d7fdc44b5961
    Size/MD5 checksum:  7927900 94e7099950e3e48ec90a0a120ac48c3e
    Size/MD5 checksum:  3412788 0d97a5df1ef81a19bb749f7eff564450
    Size/MD5 checksum:    56422 698a5a5e7869490e094876dee3ccb040
    Size/MD5 checksum:    56370 92d68631cccf9193aa86be44565293b9
    Size/MD5 checksum:   206500 5ac78126922a636b71ee93be06a8efc0
    Size/MD5 checksum:   241160 b3ba90c2e590d5f2d35b2ec87f0583e4
    Size/MD5 checksum:  7571386 858738aafc789736b85a240abb06d6d1

hppa architecture (HP PA RISC)
    Size/MD5 checksum: 11816650 3eb4a8a52b839f37522c13bf261c2baf
    Size/MD5 checksum:   198896 a243bf6d1631e669536291524fd97ba8
    Size/MD5 checksum:    56350 c692a9c128d4fb72bdf62443208b9afc
    Size/MD5 checksum: 11006106 0def26738a5c0a14e25159f54ef45c9e
    Size/MD5 checksum:   197558 bd829e318bf0ca91e73fae9591baa333
    Size/MD5 checksum: 11410956 261b9a7e7b2404c6eacd2317b9e26973
    Size/MD5 checksum:    56326 6dcc57928f2d3ce4fb73d0450e66ceaf
    Size/MD5 checksum:   199820 1a553bcc50cf8010f555eec232d633fc
    Size/MD5 checksum:  3024676 bf1f90dbddccc38ecdbabc350dbb080e
    Size/MD5 checksum:   198504 2b5266526f59cb83af41ea197cd14e3b
    Size/MD5 checksum: 10559544 bd90bbbc7d8a8c6906a51bbf49b3e139

i386 architecture (Intel ia32)
    Size/MD5 checksum:  3212506 2f2838b74c687f49092cba088aaa5025
    Size/MD5 checksum:   285422 716cabff79e8d108409024beedd5c761
    Size/MD5 checksum:    56364 23fefb20fc7cfb2969c70ec3dcbfd7fc
    Size/MD5 checksum:  3236014 280e515e4d33b74171f18d90192f2781
    Size/MD5 checksum:   289742 0291669c961118af2f8d392d83cc2009
    Size/MD5 checksum: 14388800 1ef26929395c35dd69c68e7d7d539387
    Size/MD5 checksum: 25602042 8edf459235cf919e70db35db6e18a81c
    Size/MD5 checksum: 16540456 b64fd698fbb01314bd39b32b410ae487
    Size/MD5 checksum:   278156 d87fae685c6799e42afdfb33ca8efd42
    Size/MD5 checksum:  5508624 94bb0b0b80f8036b518837d5ce029f2b
    Size/MD5 checksum:    56376 fbc3b44752cc24d54018e7500b7caa9c
    Size/MD5 checksum: 16601198 58ad14c5b7a86283125b9d73f98c40ce
    Size/MD5 checksum:  1330892 02d869d6e62a29107871094dad2d2bfb
    Size/MD5 checksum:   286882 017783780fc1c626df5e6a739713cd2c
    Size/MD5 checksum:   278354 41e31611644a950b6a7b13e21c8fcb14
    Size/MD5 checksum:  3114734 cc9dc53c187d950a1d154a4f59cd54df
    Size/MD5 checksum: 14399606 21d200751abc6f09ad0fe60d5c4655ec
    Size/MD5 checksum: 16929578 4cc1238df2386a76dcd12ce916965be5
    Size/MD5 checksum:   287314 383667c0683ced9603f2a21be6105158
    Size/MD5 checksum: 16474612 6ffb3493ae7141c3af2b00e513bda9b2
    Size/MD5 checksum:    56422 eaad4bcfac9784563526b3ef77c3bbfe
    Size/MD5 checksum:  3228386 53af98a695ee7732f5b682f013e81c9d
    Size/MD5 checksum:    56348 def2ca9b2ceafe1170c6091f170d201d
    Size/MD5 checksum:   285644 2494d714e732fe2ca909cd80e0d4fcc2
    Size/MD5 checksum: 16514302 bbeabc71068d2664535d4d3b7d166b44
    Size/MD5 checksum: 16642362 1d69f5a6471d29ff481ccccdece1d5a3
    Size/MD5 checksum:   286868 76a6bbbb7810bab391fecd078ea713a6
    Size/MD5 checksum: 16323394 ac86cb6986fc48439edf76d0e78c75c4
    Size/MD5 checksum:   276950 548444172100ee78f39b3cbddfb0bd73
    Size/MD5 checksum:  1302696 a9988c16e715718a4d4547edf77d8c63

ia64 architecture (Intel ia64)
    Size/MD5 checksum:    56320 22738127d1c9ce4acc5538d0014fef5d
    Size/MD5 checksum:    56342 ecb66f5138131a351ea46167feda50a4
    Size/MD5 checksum:  3084404 5c6c1b42bc958427686de001a8f1a995
    Size/MD5 checksum: 28020804 40c13c914b51a21a1a24023798899a7b
    Size/MD5 checksum:   257864 475005498346a7d8b38a7c29509ccf4a
    Size/MD5 checksum: 28186348 8826f9beccdf15d89e6e93b453d512c1
    Size/MD5 checksum:   257820 0c8cc79934f006def209bb4a499c60ff

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:  6126884 792de360f86746a53710e5bd33b8f163
    Size/MD5 checksum:    56368 9a395680eae076a224dad896da65691c
    Size/MD5 checksum:   189126 18b896582f9351dc09b6e0a70ef90831
    Size/MD5 checksum:   170032 3458ed1dbcdc45653181b5c0fc7ecdb8
    Size/MD5 checksum:   156908 2ff3f8ac181d494d7cb4ef7222d7b07e
    Size/MD5 checksum:   165172 7a17550dcdfa31d22bf8965127c2339f
    Size/MD5 checksum: 15683930 4561323bdc5a9ad5c7c2a0ce0b6d5b76
    Size/MD5 checksum:  3416968 6e47ae5cf9ac7bd360f619fcc3a75038
    Size/MD5 checksum:    56422 e924dcd73b5c94cabf01955f7f9a69ce
    Size/MD5 checksum:  9081586 6949edfa7335d4dc6b8758d40e4eafbd
    Size/MD5 checksum:  8315142 bedc220176f07a4d49a012acf38884aa
    Size/MD5 checksum:   189364 765a041b2c8374633fac10555019d991
    Size/MD5 checksum: 15657240 01b773f5cebd3bcb5e82a3538afd9a43

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  9865338 31f59099408adfc72436644f2f8d241f
    Size/MD5 checksum:  3352366 25617a98b59a5bfa023619f4299105af
    Size/MD5 checksum:   185002 6e688580a5b5f19076b769ed6f3a04f8
    Size/MD5 checksum:   184774 0e0657d343cc00aba89ef941f260cb8d
    Size/MD5 checksum:   158046 200fe3fc8019dc123292003cdd13ffea
    Size/MD5 checksum:  6035456 df357ca827f11be089babe11ea898b64
    Size/MD5 checksum:   180620 20de98111af4bad6a471d96e0089e038
    Size/MD5 checksum:    56322 8c8613342248a855676af7a9051719ea
    Size/MD5 checksum:  5949466 ec4818d43fa0c812535d528642cd97f6
    Size/MD5 checksum:   158062 1fc66a76a56aea3b0acdad506c35afa4
    Size/MD5 checksum: 15031350 7c814fc2adb6872726c73ac8798ea855
    Size/MD5 checksum:  5929984 00c1d88fb99faa66fe1a4f96bf2ce23b
    Size/MD5 checksum:   152628 fb85eaff880b8de07536a59b1717b7ff
    Size/MD5 checksum: 15060882 f3930b91f4a1cf543478cf1642fd99fd
    Size/MD5 checksum:    56380 67c590353ceebbd73e78eb7274b419a8

powerpc architecture (PowerPC)
    Size/MD5 checksum:   254232 df3428d02b7caf4d8859ffa421d9fb47
    Size/MD5 checksum:  3394788 bf95b7b549b0e5dff3c131f392f6df10
    Size/MD5 checksum:  3370368 67c60e48f8171e261b681c88a5eb49c1
    Size/MD5 checksum: 18302236 b00e64cee1bd14e44416587727b3e4d8
    Size/MD5 checksum:   231830 db040067803ff3bb9a4677411a4cc25f
    Size/MD5 checksum: 18357864 dde6c4a10d645a9a0a531fdc1cd17669
    Size/MD5 checksum:   255932 4fbc330e627c9912e97d59f96eafb4e8
    Size/MD5 checksum:    56372 9886fc5b03211e6c45c0f096a3a61f53
    Size/MD5 checksum: 16632328 c1c43bb84800ed32d9eb38638dd23d5a
    Size/MD5 checksum: 15163882 fe0bc4a175982e11cce21bb1cb8ab8e7
    Size/MD5 checksum: 17018420 77506217a84db6b8a788059b579a9c84
    Size/MD5 checksum:   255024 30e5ea717182f1c0b6cac5bd441dccbb
    Size/MD5 checksum:   255918 505c4c33c287dfdebeaa98698e97c9f3
    Size/MD5 checksum:   247514 f5b68002876185469625bf32d1e002be
    Size/MD5 checksum: 16408190 97416532c92c57c0e33f97e19853020e
    Size/MD5 checksum:    56326 b058a9108e32625a78db5e411b750b6d
    Size/MD5 checksum:   255198 85fcc0cdb31720c9c0bdf6043c47c138
    Size/MD5 checksum:  3417130 4aa20378bea17d7cd44d77155ff36674
    Size/MD5 checksum: 16974946 b132327c709f7a2a0b69c1aa3dda9ca7

s390 architecture (IBM S/390)
    Size/MD5 checksum:  2968510 3d7773ed1afb8221e10da8e4b4eabdba
    Size/MD5 checksum:  1442824 840860b7a601870db6921de4c42e238b
    Size/MD5 checksum:   145978 e495aa518a5281a63e1131887335a0f0
    Size/MD5 checksum:  5406378 3b9556c4af25a6f611d087500ddaa6c2
    Size/MD5 checksum:   146542 d94c8a951655f053eb92ee574b964f65
    Size/MD5 checksum:  5624558 c9f8f23a2bbbc88c1d15be853cb1f3bb
    Size/MD5 checksum:    56342 55d68538e40adb1b9e35493b2b74915e
    Size/MD5 checksum:    56318 832d1344921a7aba3dd12519427c5a6d
    Size/MD5 checksum:  5666984 b130f7034aec80a7bd91a4aad1bad5ab
    Size/MD5 checksum:  2945466 a4efd6af72524aa0c66f5826b2ba64e0
    Size/MD5 checksum:   147214 ad3a2622e0e6a8f2320a9a588ed69703

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum: 10742802 231ff49c22bbdbae0140dc9321cb38d2
    Size/MD5 checksum:   201818 a8207a5a4c9fe0477e199f0e3122a9ba
    Size/MD5 checksum:   203204 433d0d869346e23e8d8ac404dabc6f05
    Size/MD5 checksum:    56402 d153a7923ae65aa917033593d37431e3
    Size/MD5 checksum:  6462310 5ecc441c0a37c7f36e08d6ae7555f797
    Size/MD5 checksum: 10432952 a4b5abd32db9c00b8c675673da094c7a
    Size/MD5 checksum:    56370 8d7ecca445ea50ab719944b89f5bfeb9
    Size/MD5 checksum:   202588 bbffae6906ea1411033d990001e7bd45
    Size/MD5 checksum:  3247520 bb5b20226d4c291646997f750b8e1735
    Size/MD5 checksum:   170142 43370064b577b685f34d0b9613ce140b
    Size/MD5 checksum: 10701158 a0233a7673dc3b128b49f97d3afd679b
    Size/MD5 checksum:  3223030 0a1a542113a8a800d0afcd562f5679aa

  These changes will probably be included in the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.