----------------------------------------------------------------------
Debian Security Advisory DSA-1681-1                security@debian.org
http://www.debian.org/security/       Dann Frazier, Alexander Prinsier
December 04, 2008                   http://www.debian.org/security/faq
----------------------------------------------------------------------
Package        : linux-2.6.24
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618
                 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
                 CVE-2008-5134 CVE-2008-5182 CVE-2008-5300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following


    Eugene Teo reported a local DoS issue in the ext2 and ext3
    filesystems.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to output error messages in an
    infinite loop.


    Milos Szeredi reported that the usage of splice() on files opened
    with O_APPEND allows users to write to the file at arbitrary
    offsets, enabling a bypass of possible assumed semantics of the
    O_APPEND flag.


    Vlad Yasevich reported an issue in the SCTP subsystem that may
    allow remote users to cause a local DoS by triggering a kernel


    Wei Yongjun reported an issue in the SCTP subsystem that may allow
    remote users to cause a local DoS by triggering a kernel panic.


    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to overrun a buffer, resulting
    in a system oops or memory corruption.


    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that results in a kernel oops due to an unchecked
    return value.


    Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
    Local users who have been granted the privileges necessary to
    mount a filesystem would be able to craft a filesystem with a
    corrupted catalog name length, resulting in a system oops or
    memory corruption.


    Andrea Bittau reported a DoS issue in the unix socket subsystem
    that allows a local user to cause memory corruption, resulting in
    a kernel panic.


    Johannes Berg reported a remote DoS issue in the libertas wireless
    driver, which can be triggered by a specially crafted beacon/probe


    Al Viro reported race conditions in the inotify subsystem that may
    allow local users to acquire elevated privileges.


    Dann Frazier reported a DoS condition that allows local users to
    cause the out of memory handler to kill off privileged processes
    or trigger soft lockups due to a starvation issue in the unix
    socket subsystem.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.7.

We recommend that you upgrade your linux-2.6.24 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These changes will probably be included in the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New Linux 2.6.24 packages fix several vulnerabilities
