Linux Security
Linux Security
Linux Security

Debian: Linux 2.6.8 fix several vulnerabilities DSA-922-1

Date 14 Dec 2005
Posted By Joe Shakespeare
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 922-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
December 14th, 2005           
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.27
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265
                 CVE-2005-1761 CVE-2005-1762 CVE-2005-1763 CVE-2005-1765
		 CVE-2005-1767 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459
		 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872 CVE-2005-3105
		 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109
		 CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273
		 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276
BugTraq IDs    : 14477 15527 15528 15533
Debian Bugs    : 309308 311164 321401 322237 322339

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code.  The Common Vulnerabilieis and Exposures project
identifies the following problems:


    A race condition in the sysfs filesystem allows local users to
    read kernel memory and cause a denial of service (crash).


    Alexander Nyberg discovered that the ptrace() system call does not
    properly verify addresses on the amd64 architecture which can be
    exploited by a local attacker to crash the kernel.


    A problem in the offset handling in the xattr file system code for
    ext3 has been discovered that may allow users on 64-bit systems
    that have access to an ext3 filesystem with extended attributes to
    cause the kernel to crash.


    Chris Wright discovered that the mmap() function could create
    illegal memory maps that could be exploited by a local user to
    crash the kernel or potentially execute arbitrary code.


    A vulnerability on the IA-64 architecture can lead local attackers
    to overwrite kernel memory and crash the kernel.


    A vulnerability has been discovered in the ptrace() system call on
    the amd64 architecture that allowas a local attacker to cause the
    kernel to crash.


    A buffer overflow in the ptrace system call for 64-bit
    architectures allows local users to write bytes into arbitrary
    kernel memory.


    Zou Nan Hai has discovered that a local user could cause the
    kernel to hang on the amd64 architecture after invoking syscall()
    with specially crafted arguments.


    A vulnerability has been discovered in the stack segment fault
    handler that could allow a local attacker to cause stack exception
    that will leed the kernel to crash under certain circumstances.


    Balazs Scheidler discovered that a local attacker could call
    setsockopt() with an invalid xfrm_user policy message which would
    cause the kernel to write beyond the boundaries of an array and


    Vladimir Volovich discovered a bug in the zlib routines which are
    also present in the Linux kernel and allows remote attackers to
    krash the kernel


    Another vulnerability has been discovered in the zlib routines
    which are also present in the Linux kernel and allows remote
    attackers to crash the kernel


    Peter Sandstrom noticed that snmpwalk from a remote host could
    cause a denial of service (kernel oops from null dereference) via
    certain UDP packets that lead to a function call with the wrong


    Andreas Gruenbacher discovered a bug in the ext2 and ext3 file
    systems.  When data areas are to be shared among two inodes not
    all information were compared for equality, which could expose
    wrong ACLs for files.


    Chad Walstrom discovered that the ipt_recent kernel module on
    64-bit processors such as AMD64 ows remote attackers to cause a
    denial of service (kernel panic) via certain attacks such as SSH
    brute force.


    The mprotect code on Itanium IA-64 Montecito processors does not
    properly maintain cache coherency as required by the architecture,
    which allows local users to cause a denial of service and possibly
    corrupt data by modifying PTE protections.


    A race condition in the thread management may allow local users to
    cause a denial of service (deadlock) when threads are sharing
    memory and waiting for a thread that has just performed an exec.


    When one thread is tracing another thread that shares the same
    memory map a local user could cause a denial of service (deadlock)
    by forcing a core dump when the traced thread is in the
    TASK_TRACED state.


    A bug in the ioremap() system call has been discovered on the
    amd65 architecture that could allow local users to cause a
    denial of service or an information leak when performing a lookup
    of a non-existant memory page.


    The HFS and HFS+ (hfsplus) modules allow local attackers to cause
    a denial of service (oops) by using hfsplus to mount a filesystem
    that is not hfsplus.


    A race ondition in the ebtables netfilter module on an SMB system
    running under high load may allow remote attackers to cause a
    denial of service (crash).


    Roland McGrath discovered exec() does not properly clear
    posix-timers in multi-threaded environments, which results in a
    resource leak and could allow a large number of multiple local
    users to cause a denial of service by using more posix-timers than
    specified by the quota for a single user.


    The kernel allows remote attackers to poison the bridge forwarding
    table using frames that have already been dropped by filtering,
    which can cause the bridge to forward spoofed packets.


    The ioctl for the packet radio ROSE protocol does not properly
    verify the arguments when setting a new router, which allows
    attackers to trigger out-of-bounds errors.


    A race condition in on SMP systems allows local users to cause a
    denial of service (null dereference) by causing a connection timer
    to expire while the connection table is being flushed before the
    appropriate lock is acquired.


    An error in the NAT code allows remote attackers to cause a denial
    of service (memory corruption) by causing two packets for the same
    protocol to be NATed at the same time, which leads to memory


    A missing memory cleanup in the thread handling routines before
    copying data into userspace allows a user process to obtain
    sensitive information.

This update also contains a number of corrections for issues that
turned out to have no security implication afterwards.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                    Debian 3.1 (sarge)
Source                              2.6.8-16sarge1
Alpha architecture                  2.6.8-16sarge1
AMD64 architecture                  2.6.8-16sarge1
HP Precision architecture           2.6.8-6sarge1
Intel IA-32 architecture            2.6.8-16sarge1
Intel IA-64 architecture            2.6.8-14sarge1
Motorola 680x0 architecture         2.6.8-4sarge1
PowerPC architecture                2.6.8-12sarge1
IBM S/390 architecture              2.6.8-5sarge1
Sun Sparc architecture              2.6.8-15sarge1

We recommend that you upgrade your kernel package immediately and
reboot the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1001 84ee501faac6cc5966fea3326bc5f6f0
      Size/MD5 checksum:   961237 cd72f4d2eb2309a2d77d2ec7a3471c7c
      Size/MD5 checksum: 43929719 0393c05ffa4770c3c5178b74dc7a4282
      Size/MD5 checksum:      812 9b010ed11a18ae7a63ca1c0d9ce6b520
      Size/MD5 checksum:    37158 c1e462dc0aceed47aeba4788de1ef813
      Size/MD5 checksum:     1097 19abba41030b997320056d4006afaec3
      Size/MD5 checksum:    73962 73afecb44cda1a833afae9ade8592ae6
      Size/MD5 checksum:     1008 f8913a5c70c8e6db41ba33582aa1eedd
      Size/MD5 checksum:    65779 f6d20923c5a468b8c396f396d3f54468
      Size/MD5 checksum:     1047 8f17db00dbe1e0cfe9959e0ede3abad7
      Size/MD5 checksum:    88795 b5551e3a6f67218c2a37514b8662e4b7
      Size/MD5 checksum:     1191 1450b82c0ebd64a2f89e5b39b6fba66f
      Size/MD5 checksum:    62501 04ce7a79112bf21d7732b362bf2f2a8c
      Size/MD5 checksum:      874 cc02a1965a5236b0b56418924aeca2b2
      Size/MD5 checksum:    14227 fc0f38314b443bc4375a230622c69bed
      Size/MD5 checksum:     1026 628e05a33d5383d644c40c44b5a262a8
      Size/MD5 checksum:    24891 c099d3dc524bff486e3ac3aaed728baf
      Size/MD5 checksum:      833 0ca25fa6cf5060acbd7f86ee78b10fcb
      Size/MD5 checksum:    11363 cc5f02d8a1cc1c93edfd229bdcc9cb53
      Size/MD5 checksum:     1036 28ddac5872f5c07438473aa97b0babb0
      Size/MD5 checksum:    22734 5a9d2e75078588a6f94918aebc25e89b

  Architecture independent components:
      Size/MD5 checksum:  6179472 b7388d2256a4396d2da938a687b3ab9b
      Size/MD5 checksum:  1007230 309f32838373e76c9b61be0e6c191252
      Size/MD5 checksum: 34934446 65dca34768d7aa10074845d9b2f20431
      Size/MD5 checksum:    32120 5b04fd03ede3ae235a03624dc53e2026
      Size/MD5 checksum:     9182 04e70fd86504e721ad91a2b3352231d2

  Alpha architecture:
      Size/MD5 checksum:  2757876 e94cdb8d12552d293018c7ca24199f47
      Size/MD5 checksum:   230608 fdf2cc6f010f2b618672422c3293f3b9
      Size/MD5 checksum:   225502 2a21bf8197792a789420b1838526186f
      Size/MD5 checksum: 20226800 f627945f7f8216fbe6961a9559766f29
      Size/MD5 checksum: 20068720 7aa6c0137c94e2e7ee45e5ae702cfe27

  AMD64 architecture:
      Size/MD5 checksum:  2719948 51945c8ba3e5d86f81df067f73225201
      Size/MD5 checksum:   224276 33205d1399f5df2dce3583f737fb528a
      Size/MD5 checksum:   223300 bb55484a26b5a9a3fc01b68af37af569
      Size/MD5 checksum:   219178 010a7d13b9c5546006b736caddcfb1b9
      Size/MD5 checksum:   221054 c3674ad6b1c88ae5aa1c36c732fe1fe0
      Size/MD5 checksum:   217440 22ab9501c6422fd3b160e27bf7a59d2d
      Size/MD5 checksum: 12558694 a27949d59b7d84a4638ddb91a273ef47
      Size/MD5 checksum: 13250392 9c8f5ebcb94dd1509f46c4056d0555be
      Size/MD5 checksum: 13210004 b701fd7c35dccc26dfaba57183de5c2d
      Size/MD5 checksum: 13058704 1ac0827d7d189589c92f6e9cf07def85
      Size/MD5 checksum: 13042396 f41bf487053ea369d2ba635d7c2bb03c

  HP Precision architecture:
      Size/MD5 checksum:  2798740 3bd227d7f6ce63d13f4eb4cef3cc7efa
      Size/MD5 checksum:   209500 8b284495343adf74bca8219421f4b48d
      Size/MD5 checksum:   208722 941a680674931ec594e3512c5736c9bf
      Size/MD5 checksum:   208356 7ab2df2b04391d75500083585a96701b
      Size/MD5 checksum:   207502 0a840281a00f4762978af411d7a3e7fb
      Size/MD5 checksum: 16020358 6423b4288f949286ce1c70a743d03373
      Size/MD5 checksum: 16926452 be46b30fdb54c08c6cef2fcf7c9a2450
      Size/MD5 checksum: 17472682 d8ecab478805553c2f978dd405dca57d
      Size/MD5 checksum: 18305956 42ae9163eaba822e863ea8dd2cdedcaa

  Intel IA-32 architecture:
      Size/MD5 checksum:  2719920 0984a4d0f8de19308e49bc822b2d7c71
      Size/MD5 checksum:   224274 4faa8c6ee4aceae2ea01a2398c433599
      Size/MD5 checksum:   223264 298ec2bb85e50e58b4e0ba131648e1b2
      Size/MD5 checksum:   219174 d7422d17926f1e654627e08a71a8da94
      Size/MD5 checksum:   220996 0433d7f8f2ce52acde87fd1518b1987c
      Size/MD5 checksum:   217432 f34fb2bc6f9986cc94b002385392ff98
      Size/MD5 checksum: 12558490 4696f82bada71e27c3e1918b6a453f69
      Size/MD5 checksum: 13250408 200fcd489897d816ef3e7bfe5266541a
      Size/MD5 checksum: 13210500 df01307ce5ceed0e7b34e40aef5ff56f
      Size/MD5 checksum: 13208672 2aefa612e0e46772f15ab816dfd0ec75
      Size/MD5 checksum: 13188388 2e889282559ab1b62fbd3908ebae585d
      Size/MD5 checksum:  2777236 af649947c652a9486461b92bbc33be8a
      Size/MD5 checksum:   256920 88db1b684f215fdd35de0989f148b57f
      Size/MD5 checksum:   254646 553205bb17cfc57f4c4a7aadff46650a
      Size/MD5 checksum:   251590 51ebd6202b7f347f66df0e189b2a3946
      Size/MD5 checksum:   254818 746967059979238eb49cfdcba572c07b
      Size/MD5 checksum:   251708 33a61355c7a48d87b7570b772e454760
      Size/MD5 checksum: 14058198 fd607b13caf99093ef31071ff7395d6d
      Size/MD5 checksum: 15531820 5871afdf04de65bda6f5eb3266b0621d
      Size/MD5 checksum: 15339250 f3ab94a1304a28732cea6be8dd871ac7
      Size/MD5 checksum: 15258514 cc888a3d69727d61b86a7f0945a51eff
      Size/MD5 checksum: 15118194 fb0e7f6b830b7a012f06bf7c25ff15cc
      Size/MD5 checksum:     4972 9373407fba3ac5dd750058711dbaba35
      Size/MD5 checksum:     5040 0e0546f2897a3a4e70efe7a564fb6aff
      Size/MD5 checksum:     5002 ec64c94170f496062172d743aee4442a
      Size/MD5 checksum:     5068 bf99db45889934b45ce4834b9c770b16
      Size/MD5 checksum:  3097054 691f7cd4d1b2f184e50ab566f20a13e4
      Size/MD5 checksum:   198662 72e0e4b4331b8a600de3a98d6ac59a82
      Size/MD5 checksum:   197920 6e19efeac81a2a9416328af58316c4cb
      Size/MD5 checksum:   198394 6d946fcc7b1fcf88c9ee9a47f7015384
      Size/MD5 checksum:   197828 8be7e8290bd8e7cf1b9c162c9e369b36
      Size/MD5 checksum:     4972 db66d54714fc6042db69d30918c51b02
      Size/MD5 checksum:     5040 7712bc3701d2548903dd5b9337ab3b91
      Size/MD5 checksum:     4994 6621e8ce1be6e3f4a8b41991d834b144
      Size/MD5 checksum:     5064 d0f9af9891bd728a119763fddc6d3394
      Size/MD5 checksum: 22041474 4419d9b68b593646ed49ff194fcbcc9e
      Size/MD5 checksum: 22666884 7aab34e05eed41eee4b56ca45e1c4c2c
      Size/MD5 checksum: 21959066 27fe9dc58a04851cfbbac5b4a53f21ae
      Size/MD5 checksum: 22689900 4011393c3e3a94354d81c909a1aaef91

  Motorola 680x0 architecture:
      Size/MD5 checksum:  3304098 c9e4aeaa7b178b3396e8784dab38cc00
      Size/MD5 checksum:  3097378 d1f63a282acbc6b3f6891617b9350fae
      Size/MD5 checksum:  3010318 9b541a162fc8d966abf43c2a9fdce4d8
      Size/MD5 checksum:  2983934 73a518deadceae9ea5ee730fbaae8c61
      Size/MD5 checksum:  3171548 0c9ffc6fe6914da804987a43cd74e9f7
      Size/MD5 checksum:  2975620 b1bc12e308b7abf81ae7878680f17617
      Size/MD5 checksum:  3044876 d578ffdb0e11b61cb6446d599b160560
      Size/MD5 checksum:  3102300 9936cab2275643f32728c4f6d4dc77ad
      Size/MD5 checksum:  2988830 fa46326fc2398c39d044bda9120dbea0

  PowerPC architecture:
      Size/MD5 checksum:   405670 bd347754ea8c4cee14686b207e6cf46d
      Size/MD5 checksum:   405666 1dec752373178a4aef51f74c6d917073
      Size/MD5 checksum:   405598 c39f371744ca92eec853ad8746f0f009
      Size/MD5 checksum:   405568 b346b94897fca3c678daadc99b515428
      Size/MD5 checksum:   405912 14475ec4cdc9b337ad2dc0ab3a772bdb
      Size/MD5 checksum:   405698 4c3c94aa9afb4e6d73986bbfa26484bb
      Size/MD5 checksum:  5143830 3a6cd285eba77baae74a2a16f8029be2
      Size/MD5 checksum: 13494684 2ab633af498a4486190d3754c530e7f4
      Size/MD5 checksum: 13855580 1245c9d474405a277864484b0237252f
      Size/MD5 checksum: 13486150 80b9f2ed16acb2c9fdb7c9cb133a4c03
      Size/MD5 checksum: 13842602 e4013da64e44e6e0401aa87b1e68c1ce
      Size/MD5 checksum: 13514634 a3fbbf23d7b805431a5f9f28aadd25ab
      Size/MD5 checksum: 13769858 20783767bb65e7ea6ca76662438bf7ca

  IBM S/390 architecture:
      Size/MD5 checksum:  5083010 42c4dd8c6c67ce7940f0d24bb745385c
      Size/MD5 checksum:  2973758 c8d12dd2fbddca3ab1b7bd905de4a90c
      Size/MD5 checksum:  1140118 328edfc2944127e2f1d6dca1842ce51d
      Size/MD5 checksum:  3179326 487c36323990a6ae1119f4c30f16cdd9

  Sun Sparc architecture:
      Size/MD5 checksum:     3462 c68f0624f124db25f3a41f78432ca11c
      Size/MD5 checksum:  2888690 29723527245a48a00e724c7366868ec9
      Size/MD5 checksum:   107974 788d40ca3a1a3f53b8b2cf4c1fc4badc
      Size/MD5 checksum:   142726 8719b1bf0d3aff36f7711d8979f87a7d
      Size/MD5 checksum:   143332 87bc055c575e3ec3ea44136ed44dff6a
      Size/MD5 checksum:  4545570 00d7c7e1caef41efcbc198a282f2b9f2
      Size/MD5 checksum:  7428184 1f146c58f98331bf5826520379bacd33
      Size/MD5 checksum:  7622116 4de4c114879d82d79fc34cb93c070d43

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"52","type":"x","order":"1","pct":77.61,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"9","type":"x","order":"2","pct":13.43,"resources":[]},{"id":"181","title":"Hardly ever","votes":"6","type":"x","order":"3","pct":8.96,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.