Linux Security
    Linux Security
    Linux Security

    Debian: Linux 2.6.8 fix several vulnerabilities DSA-922-1

    Date 14 Dec 2005
    Posted By Joe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 922-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    December 14th, 2005           
    - --------------------------------------------------------------------------
    Package        : kernel-source-2.4.27
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265
                     CVE-2005-1761 CVE-2005-1762 CVE-2005-1763 CVE-2005-1765
    		 CVE-2005-1767 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459
    		 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872 CVE-2005-3105
    		 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109
    		 CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273
    		 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276
    BugTraq IDs    : 14477 15527 15528 15533
    Debian Bugs    : 309308 311164 321401 322237 322339
    Several local and remote vulnerabilities have been discovered in the
    Linux kernel that may lead to a denial of service or the execution of
    arbitrary code.  The Common Vulnerabilieis and Exposures project
    identifies the following problems:
        A race condition in the sysfs filesystem allows local users to
        read kernel memory and cause a denial of service (crash).
        Alexander Nyberg discovered that the ptrace() system call does not
        properly verify addresses on the amd64 architecture which can be
        exploited by a local attacker to crash the kernel.
        A problem in the offset handling in the xattr file system code for
        ext3 has been discovered that may allow users on 64-bit systems
        that have access to an ext3 filesystem with extended attributes to
        cause the kernel to crash.
        Chris Wright discovered that the mmap() function could create
        illegal memory maps that could be exploited by a local user to
        crash the kernel or potentially execute arbitrary code.
        A vulnerability on the IA-64 architecture can lead local attackers
        to overwrite kernel memory and crash the kernel.
        A vulnerability has been discovered in the ptrace() system call on
        the amd64 architecture that allowas a local attacker to cause the
        kernel to crash.
        A buffer overflow in the ptrace system call for 64-bit
        architectures allows local users to write bytes into arbitrary
        kernel memory.
        Zou Nan Hai has discovered that a local user could cause the
        kernel to hang on the amd64 architecture after invoking syscall()
        with specially crafted arguments.
        A vulnerability has been discovered in the stack segment fault
        handler that could allow a local attacker to cause stack exception
        that will leed the kernel to crash under certain circumstances.
        Balazs Scheidler discovered that a local attacker could call
        setsockopt() with an invalid xfrm_user policy message which would
        cause the kernel to write beyond the boundaries of an array and
        Vladimir Volovich discovered a bug in the zlib routines which are
        also present in the Linux kernel and allows remote attackers to
        krash the kernel
        Another vulnerability has been discovered in the zlib routines
        which are also present in the Linux kernel and allows remote
        attackers to crash the kernel
        Peter Sandstrom noticed that snmpwalk from a remote host could
        cause a denial of service (kernel oops from null dereference) via
        certain UDP packets that lead to a function call with the wrong
        Andreas Gruenbacher discovered a bug in the ext2 and ext3 file
        systems.  When data areas are to be shared among two inodes not
        all information were compared for equality, which could expose
        wrong ACLs for files.
        Chad Walstrom discovered that the ipt_recent kernel module on
        64-bit processors such as AMD64 ows remote attackers to cause a
        denial of service (kernel panic) via certain attacks such as SSH
        brute force.
        The mprotect code on Itanium IA-64 Montecito processors does not
        properly maintain cache coherency as required by the architecture,
        which allows local users to cause a denial of service and possibly
        corrupt data by modifying PTE protections.
        A race condition in the thread management may allow local users to
        cause a denial of service (deadlock) when threads are sharing
        memory and waiting for a thread that has just performed an exec.
        When one thread is tracing another thread that shares the same
        memory map a local user could cause a denial of service (deadlock)
        by forcing a core dump when the traced thread is in the
        TASK_TRACED state.
        A bug in the ioremap() system call has been discovered on the
        amd65 architecture that could allow local users to cause a
        denial of service or an information leak when performing a lookup
        of a non-existant memory page.
        The HFS and HFS+ (hfsplus) modules allow local attackers to cause
        a denial of service (oops) by using hfsplus to mount a filesystem
        that is not hfsplus.
        A race ondition in the ebtables netfilter module on an SMB system
        running under high load may allow remote attackers to cause a
        denial of service (crash).
        Roland McGrath discovered exec() does not properly clear
        posix-timers in multi-threaded environments, which results in a
        resource leak and could allow a large number of multiple local
        users to cause a denial of service by using more posix-timers than
        specified by the quota for a single user.
        The kernel allows remote attackers to poison the bridge forwarding
        table using frames that have already been dropped by filtering,
        which can cause the bridge to forward spoofed packets.
        The ioctl for the packet radio ROSE protocol does not properly
        verify the arguments when setting a new router, which allows
        attackers to trigger out-of-bounds errors.
        A race condition in on SMP systems allows local users to cause a
        denial of service (null dereference) by causing a connection timer
        to expire while the connection table is being flushed before the
        appropriate lock is acquired.
        An error in the NAT code allows remote attackers to cause a denial
        of service (memory corruption) by causing two packets for the same
        protocol to be NATed at the same time, which leads to memory
        A missing memory cleanup in the thread handling routines before
        copying data into userspace allows a user process to obtain
        sensitive information.
    This update also contains a number of corrections for issues that
    turned out to have no security implication afterwards.
    The following matrix explains which kernel version for which architecture
    fix the problems mentioned above:
                                        Debian 3.1 (sarge)
    Source                              2.6.8-16sarge1
    Alpha architecture                  2.6.8-16sarge1
    AMD64 architecture                  2.6.8-16sarge1
    HP Precision architecture           2.6.8-6sarge1
    Intel IA-32 architecture            2.6.8-16sarge1
    Intel IA-64 architecture            2.6.8-14sarge1
    Motorola 680x0 architecture         2.6.8-4sarge1
    PowerPC architecture                2.6.8-12sarge1
    IBM S/390 architecture              2.6.8-5sarge1
    Sun Sparc architecture              2.6.8-15sarge1
    We recommend that you upgrade your kernel package immediately and
    reboot the machine.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:     1001 84ee501faac6cc5966fea3326bc5f6f0
          Size/MD5 checksum:   961237 cd72f4d2eb2309a2d77d2ec7a3471c7c
          Size/MD5 checksum: 43929719 0393c05ffa4770c3c5178b74dc7a4282
          Size/MD5 checksum:      812 9b010ed11a18ae7a63ca1c0d9ce6b520
          Size/MD5 checksum:    37158 c1e462dc0aceed47aeba4788de1ef813
          Size/MD5 checksum:     1097 19abba41030b997320056d4006afaec3
          Size/MD5 checksum:    73962 73afecb44cda1a833afae9ade8592ae6
          Size/MD5 checksum:     1008 f8913a5c70c8e6db41ba33582aa1eedd
          Size/MD5 checksum:    65779 f6d20923c5a468b8c396f396d3f54468
          Size/MD5 checksum:     1047 8f17db00dbe1e0cfe9959e0ede3abad7
          Size/MD5 checksum:    88795 b5551e3a6f67218c2a37514b8662e4b7
          Size/MD5 checksum:     1191 1450b82c0ebd64a2f89e5b39b6fba66f
          Size/MD5 checksum:    62501 04ce7a79112bf21d7732b362bf2f2a8c
          Size/MD5 checksum:      874 cc02a1965a5236b0b56418924aeca2b2
          Size/MD5 checksum:    14227 fc0f38314b443bc4375a230622c69bed
          Size/MD5 checksum:     1026 628e05a33d5383d644c40c44b5a262a8
          Size/MD5 checksum:    24891 c099d3dc524bff486e3ac3aaed728baf
          Size/MD5 checksum:      833 0ca25fa6cf5060acbd7f86ee78b10fcb
          Size/MD5 checksum:    11363 cc5f02d8a1cc1c93edfd229bdcc9cb53
          Size/MD5 checksum:     1036 28ddac5872f5c07438473aa97b0babb0
          Size/MD5 checksum:    22734 5a9d2e75078588a6f94918aebc25e89b
      Architecture independent components:
          Size/MD5 checksum:  6179472 b7388d2256a4396d2da938a687b3ab9b
          Size/MD5 checksum:  1007230 309f32838373e76c9b61be0e6c191252
          Size/MD5 checksum: 34934446 65dca34768d7aa10074845d9b2f20431
          Size/MD5 checksum:    32120 5b04fd03ede3ae235a03624dc53e2026
          Size/MD5 checksum:     9182 04e70fd86504e721ad91a2b3352231d2
      Alpha architecture:
          Size/MD5 checksum:  2757876 e94cdb8d12552d293018c7ca24199f47
          Size/MD5 checksum:   230608 fdf2cc6f010f2b618672422c3293f3b9
          Size/MD5 checksum:   225502 2a21bf8197792a789420b1838526186f
          Size/MD5 checksum: 20226800 f627945f7f8216fbe6961a9559766f29
          Size/MD5 checksum: 20068720 7aa6c0137c94e2e7ee45e5ae702cfe27
      AMD64 architecture:
          Size/MD5 checksum:  2719948 51945c8ba3e5d86f81df067f73225201
          Size/MD5 checksum:   224276 33205d1399f5df2dce3583f737fb528a
          Size/MD5 checksum:   223300 bb55484a26b5a9a3fc01b68af37af569
          Size/MD5 checksum:   219178 010a7d13b9c5546006b736caddcfb1b9
          Size/MD5 checksum:   221054 c3674ad6b1c88ae5aa1c36c732fe1fe0
          Size/MD5 checksum:   217440 22ab9501c6422fd3b160e27bf7a59d2d
          Size/MD5 checksum: 12558694 a27949d59b7d84a4638ddb91a273ef47
          Size/MD5 checksum: 13250392 9c8f5ebcb94dd1509f46c4056d0555be
          Size/MD5 checksum: 13210004 b701fd7c35dccc26dfaba57183de5c2d
          Size/MD5 checksum: 13058704 1ac0827d7d189589c92f6e9cf07def85
          Size/MD5 checksum: 13042396 f41bf487053ea369d2ba635d7c2bb03c
      HP Precision architecture:
          Size/MD5 checksum:  2798740 3bd227d7f6ce63d13f4eb4cef3cc7efa
          Size/MD5 checksum:   209500 8b284495343adf74bca8219421f4b48d
          Size/MD5 checksum:   208722 941a680674931ec594e3512c5736c9bf
          Size/MD5 checksum:   208356 7ab2df2b04391d75500083585a96701b
          Size/MD5 checksum:   207502 0a840281a00f4762978af411d7a3e7fb
          Size/MD5 checksum: 16020358 6423b4288f949286ce1c70a743d03373
          Size/MD5 checksum: 16926452 be46b30fdb54c08c6cef2fcf7c9a2450
          Size/MD5 checksum: 17472682 d8ecab478805553c2f978dd405dca57d
          Size/MD5 checksum: 18305956 42ae9163eaba822e863ea8dd2cdedcaa
      Intel IA-32 architecture:
          Size/MD5 checksum:  2719920 0984a4d0f8de19308e49bc822b2d7c71
          Size/MD5 checksum:   224274 4faa8c6ee4aceae2ea01a2398c433599
          Size/MD5 checksum:   223264 298ec2bb85e50e58b4e0ba131648e1b2
          Size/MD5 checksum:   219174 d7422d17926f1e654627e08a71a8da94
          Size/MD5 checksum:   220996 0433d7f8f2ce52acde87fd1518b1987c
          Size/MD5 checksum:   217432 f34fb2bc6f9986cc94b002385392ff98
          Size/MD5 checksum: 12558490 4696f82bada71e27c3e1918b6a453f69
          Size/MD5 checksum: 13250408 200fcd489897d816ef3e7bfe5266541a
          Size/MD5 checksum: 13210500 df01307ce5ceed0e7b34e40aef5ff56f
          Size/MD5 checksum: 13208672 2aefa612e0e46772f15ab816dfd0ec75
          Size/MD5 checksum: 13188388 2e889282559ab1b62fbd3908ebae585d
          Size/MD5 checksum:  2777236 af649947c652a9486461b92bbc33be8a
          Size/MD5 checksum:   256920 88db1b684f215fdd35de0989f148b57f
          Size/MD5 checksum:   254646 553205bb17cfc57f4c4a7aadff46650a
          Size/MD5 checksum:   251590 51ebd6202b7f347f66df0e189b2a3946
          Size/MD5 checksum:   254818 746967059979238eb49cfdcba572c07b
          Size/MD5 checksum:   251708 33a61355c7a48d87b7570b772e454760
          Size/MD5 checksum: 14058198 fd607b13caf99093ef31071ff7395d6d
          Size/MD5 checksum: 15531820 5871afdf04de65bda6f5eb3266b0621d
          Size/MD5 checksum: 15339250 f3ab94a1304a28732cea6be8dd871ac7
          Size/MD5 checksum: 15258514 cc888a3d69727d61b86a7f0945a51eff
          Size/MD5 checksum: 15118194 fb0e7f6b830b7a012f06bf7c25ff15cc
          Size/MD5 checksum:     4972 9373407fba3ac5dd750058711dbaba35
          Size/MD5 checksum:     5040 0e0546f2897a3a4e70efe7a564fb6aff
          Size/MD5 checksum:     5002 ec64c94170f496062172d743aee4442a
          Size/MD5 checksum:     5068 bf99db45889934b45ce4834b9c770b16
          Size/MD5 checksum:  3097054 691f7cd4d1b2f184e50ab566f20a13e4
          Size/MD5 checksum:   198662 72e0e4b4331b8a600de3a98d6ac59a82
          Size/MD5 checksum:   197920 6e19efeac81a2a9416328af58316c4cb
          Size/MD5 checksum:   198394 6d946fcc7b1fcf88c9ee9a47f7015384
          Size/MD5 checksum:   197828 8be7e8290bd8e7cf1b9c162c9e369b36
          Size/MD5 checksum:     4972 db66d54714fc6042db69d30918c51b02
          Size/MD5 checksum:     5040 7712bc3701d2548903dd5b9337ab3b91
          Size/MD5 checksum:     4994 6621e8ce1be6e3f4a8b41991d834b144
          Size/MD5 checksum:     5064 d0f9af9891bd728a119763fddc6d3394
          Size/MD5 checksum: 22041474 4419d9b68b593646ed49ff194fcbcc9e
          Size/MD5 checksum: 22666884 7aab34e05eed41eee4b56ca45e1c4c2c
          Size/MD5 checksum: 21959066 27fe9dc58a04851cfbbac5b4a53f21ae
          Size/MD5 checksum: 22689900 4011393c3e3a94354d81c909a1aaef91
      Motorola 680x0 architecture:
          Size/MD5 checksum:  3304098 c9e4aeaa7b178b3396e8784dab38cc00
          Size/MD5 checksum:  3097378 d1f63a282acbc6b3f6891617b9350fae
          Size/MD5 checksum:  3010318 9b541a162fc8d966abf43c2a9fdce4d8
          Size/MD5 checksum:  2983934 73a518deadceae9ea5ee730fbaae8c61
          Size/MD5 checksum:  3171548 0c9ffc6fe6914da804987a43cd74e9f7
          Size/MD5 checksum:  2975620 b1bc12e308b7abf81ae7878680f17617
          Size/MD5 checksum:  3044876 d578ffdb0e11b61cb6446d599b160560
          Size/MD5 checksum:  3102300 9936cab2275643f32728c4f6d4dc77ad
          Size/MD5 checksum:  2988830 fa46326fc2398c39d044bda9120dbea0
      PowerPC architecture:
          Size/MD5 checksum:   405670 bd347754ea8c4cee14686b207e6cf46d
          Size/MD5 checksum:   405666 1dec752373178a4aef51f74c6d917073
          Size/MD5 checksum:   405598 c39f371744ca92eec853ad8746f0f009
          Size/MD5 checksum:   405568 b346b94897fca3c678daadc99b515428
          Size/MD5 checksum:   405912 14475ec4cdc9b337ad2dc0ab3a772bdb
          Size/MD5 checksum:   405698 4c3c94aa9afb4e6d73986bbfa26484bb
          Size/MD5 checksum:  5143830 3a6cd285eba77baae74a2a16f8029be2
          Size/MD5 checksum: 13494684 2ab633af498a4486190d3754c530e7f4
          Size/MD5 checksum: 13855580 1245c9d474405a277864484b0237252f
          Size/MD5 checksum: 13486150 80b9f2ed16acb2c9fdb7c9cb133a4c03
          Size/MD5 checksum: 13842602 e4013da64e44e6e0401aa87b1e68c1ce
          Size/MD5 checksum: 13514634 a3fbbf23d7b805431a5f9f28aadd25ab
          Size/MD5 checksum: 13769858 20783767bb65e7ea6ca76662438bf7ca
      IBM S/390 architecture:
          Size/MD5 checksum:  5083010 42c4dd8c6c67ce7940f0d24bb745385c
          Size/MD5 checksum:  2973758 c8d12dd2fbddca3ab1b7bd905de4a90c
          Size/MD5 checksum:  1140118 328edfc2944127e2f1d6dca1842ce51d
          Size/MD5 checksum:  3179326 487c36323990a6ae1119f4c30f16cdd9
      Sun Sparc architecture:
          Size/MD5 checksum:     3462 c68f0624f124db25f3a41f78432ca11c
          Size/MD5 checksum:  2888690 29723527245a48a00e724c7366868ec9
          Size/MD5 checksum:   107974 788d40ca3a1a3f53b8b2cf4c1fc4badc
          Size/MD5 checksum:   142726 8719b1bf0d3aff36f7711d8979f87a7d
          Size/MD5 checksum:   143332 87bc055c575e3ec3ea44136ed44dff6a
          Size/MD5 checksum:  4545570 00d7c7e1caef41efcbc198a282f2b9f2
          Size/MD5 checksum:  7428184 1f146c58f98331bf5826520379bacd33
          Size/MD5 checksum:  7622116 4de4c114879d82d79fc34cb93c070d43
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.