Linux Security
Linux Security
Linux Security

Debian: New Linux kernel 2.6.8 packages fix several issues

Date 22 Feb 2008
Posted By LinuxSecurity Advisories
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1504                  This email address is being protected from spambots. You need JavaScript enabled to view it.                           dann frazier
February 22, 2008         
- ------------------------------------------------------------------------

Package        : kernel-source-2.6.8 (2.6.8-17sarge1)
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203
                 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105
                 CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133
                 CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063
                 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted cramfs filesystem.


    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted ext2 filesystem.


    LMH reported an issue in the minix filesystem that allows local users
    with mount privileges to create a DoS (printk flood) by mounting a
    specially crafted corrupt filesystem.


    OpenVZ Linux kernel team reported an issue in the smbfs filesystem which
    can be exploited by local users to cause a DoS (oops) during mount.


    Ilja van Sprundel discovered that kernel memory could be leaked via the
    Bluetooth setsockopt call due to an uninitialized stack buffer. This
    could be used by local attackers to read the contents of sensitive kernel


    Thomas Graf reported a typo in the DECnet protocol handler that could
    be used by a local attacker to overrun an array via crafted packets,
    potentially resulting in a Denial of Service (system crash).
    A similar issue exists in the IPV4 protocol handler and will be fixed
    in a subsequent update.


    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
    by releasing a socket before PPPIOCGCHAN is called upon it. This could
    be used by a local user to DoS a system by consuming all available memory.


    The PaX Team discovered a potential buffer overflow in the random number
    generator which may permit local users to cause a denial of service or
    gain additional privileges. This issue is not believed to effect default
    Debian installations where only root has sufficient privileges to exploit


    Adam Litke reported a potential local denial of service (oops) on
    powerpc platforms resulting from unchecked VMA expansion into address
    space reserved for hugetlb pages.


    Steve French reported that CIFS filesystems with CAP_UNIX enabled 
    were not honoring a process' umask which may lead to unintentinally
    relaxed permissions.

    Wojciech Purczynski discovered that pdeath_signal was not being reset
    properly under certain conditions which may allow local users to gain
    privileges by sending arbitrary signals to suid binaries.


    Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.
    A misconversion of hugetlb_vmtruncate_list to prio_tree may allow
    local users to trigger a BUG_ON() call in exit_mmap.


    Alan Cox reported an issue in the aacraid driver that allows unprivileged
    local users to make ioctl calls which should be restricted to admin


    Wojciech Purczynski discovered a vulnerability that can be exploited
    by a local user to obtain superuser privileges on x86_64 systems.
    This resulted from improper clearing of the high bits of registers
    during ia32 system call emulation. This vulnerability is relevant
    to the Debian amd64 port as well as users of the i386 port who run
    the amd64 linux-image flavour.


    Alex Smith discovered an issue with the pwc driver for certain webcam
    devices. If the device is removed while a userspace application has it
    open, the driver will wait for userspace to close the device, resulting
    in a blocked USB subsystem. This issue is of low security impact as
    it requires the attacker to either have physical access to the system
    or to convince a user with local access to remove the device on their

    Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl
    handling, exploitable by a local user.


    ADLAB discovered a possible memory overrun in the ISDN subsystem that
    may permit a local user to overwrite kernel memory leading by issuing
    ioctls with unterminated data.


    Blake Frantz discovered that when a core file owned by a non-root user
    exists, and a root-owned process dumps core over it, the core file
    retains its original ownership. This could be used by a local user to
    gain access to sensitive information.


    Cyrill Gorcunov reported a NULL pointer dereference in code specific
    to the CHRP PowerPC platforms. Local users could exploit this issue
    to achieve a Denial of Service (DoS).


    Nick Piggin of SuSE discovered a number of issues in subsystems which
    register a fault handler for memory mapped areas. This issue can be
    exploited by local users to achieve a Denial of Service (DoS) and possibly
    execute arbitrary code.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 3.1 (sarge)
     kernel-image-2.6.8-alpha    2.6.8-17sarge1
     kernel-image-2.6.8-amd64    2.6.8-17sarge1
     kernel-image-2.6.8-hppa     2.6.8-7sarge1
     kernel-image-2.6.8-i386     2.6.8-17sarge1
     kernel-image-2.6.8-ia64     2.6.8-15sarge1
     kernel-image-2.6.8-m68k     2.6.8-5sarge1
     kernel-image-2.6.8-s390     2.6.8-6sarge1
     kernel-image-2.6.8-sparc    2.6.8-16sarge1
     kernel-patch-powerpc-2.6.8  2.6.8-13sarge1
     fai-kernels                 1.9.1sarge8

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, hppa, i386, ia64, m68k, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:      846 4503eeaf9e1a21a9f220e2d9c31e0123
    Size/MD5 checksum:     1191 bfba4b91bbd166d14d0bace5ac137715
    Size/MD5 checksum:  1124155 d0e37e157fd2c4a9889222377ae6a956
    Size/MD5 checksum:    18572 fffdd006af1f26150eb6131f10c14c8f
    Size/MD5 checksum:    73206 97e4fadb9612c1a9ce969a0cbdc663f4
    Size/MD5 checksum:      621 fd5cf0a4b08aadf72cedb8029390fdeb
    Size/MD5 checksum:     1103 27f8b65b1acae74eac82f6484edbc5e5
    Size/MD5 checksum:    44625 4e68e046835cd0dce3ba2dc096f21924
    Size/MD5 checksum:    32565 406db278e655291be89254da5a4e15f8
    Size/MD5 checksum:     1013 defcdc70dd9d969ddfaed2819b341758
    Size/MD5 checksum:    69734 a5e62e3da21f1e89e1c7f76508de9673
    Size/MD5 checksum:    82008 c90b3a12c9bf77807d0d5c3ab6cf1567
    Size/MD5 checksum:    22997 75027ce480514543ad6d565d43890a3e
    Size/MD5 checksum:    32414 676fdb7a2c0cb66cd6c13a75b836f755
    Size/MD5 checksum:     1036 088234b948dd74a6c869f743a5346a54
    Size/MD5 checksum:      812 e12f4f68ee249f53bab5b4752d6b2795
    Size/MD5 checksum:    96384 bd4d726f97468d6cca1139cf80b1342a
    Size/MD5 checksum:     1047 80bb021a47b74d6b1e486c2bba6c55b8
    Size/MD5 checksum:     1002 0a956bc9d48251885d52d4b4d4b07310
    Size/MD5 checksum:     1071 39e866b6617c57f4acf7e06d3b7ae82e
    Size/MD5 checksum:    32434 ee1ef40c64f09bcdc25d9c9b7ea325e0
    Size/MD5 checksum:      874 9db0c07fe9a8cc114a82f3d4f8a209a9
    Size/MD5 checksum: 43929719 0393c05ffa4770c3c5178b74dc7a4282

Architecture independent packages:
    Size/MD5 checksum: 34955480 ece884d31c0a9bd290d467f00973252e
    Size/MD5 checksum:    16650 2304fae6c3d145826acea1403133ef98
    Size/MD5 checksum:    39758 12ee237ef5816a9c1f87697a0397802a
    Size/MD5 checksum:  6190062 e7e672dd30a416f98fb8dd3ead7e938b
    Size/MD5 checksum:  1194926 dfc3e12e6e7739c91c17e150a7242fa2

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   238146 8dd62b8c39cceeedd5efaa4b2eee4582
    Size/MD5 checksum:   232626 0f789080227336bd274f4ddacc4a749b
    Size/MD5 checksum:  2765374 6f857f2bc6f2f0d5a94a98ae814c4e87
    Size/MD5 checksum: 20094120 e0a3941fdaa513458f54b78e5b3ebd41
    Size/MD5 checksum: 20242970 0944d9b857e2383f2748fab122de3a5d

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   225228 fc7e590bc877da3505ee3442409bf8ee
    Size/MD5 checksum:   228186 4663c6daf166b5559e408795f44d84f5
    Size/MD5 checksum: 12579110 41c47936fe7cd1bb8e28177cf282e957
    Size/MD5 checksum:   231428 dfdf341727fcca4af9ff41f7f0046e1b
    Size/MD5 checksum: 13238846 51bca8a45157f119dc001e786e325cca
    Size/MD5 checksum: 13063162 14486d83aee59b7616ff63de003340ac
    Size/MD5 checksum: 13275762 767dcb70ca259ff0dc07f6cb8351a83d
    Size/MD5 checksum:  2728264 db7534ded22b911afffa5413d540dbbd
    Size/MD5 checksum:   226722 33c904e9fd0a2f754f0d5aed640a3bd3
    Size/MD5 checksum:   230322 917d95bec917d2a7588867f81d88a2e9
    Size/MD5 checksum: 13082028 78be67d79a13baba4a6c798624f7f818

hppa architecture (HP PA RISC)
    Size/MD5 checksum:  2820206 0a14c1185bcde28d0a97eaeef9e11e3f
    Size/MD5 checksum: 17550802 fabf823c16fcb3e0bbf69d0081faafd8
    Size/MD5 checksum:   219244 ff1d717d7b3d1db40c96d15b96b8a447
    Size/MD5 checksum: 18374164 e088d77a7e64efa4d825416f94fd5db6
    Size/MD5 checksum:   220054 5e8db88176af86cf5d5968dac2816ac6
    Size/MD5 checksum: 17020158 1e3f2fc9f9764e1823054df8abde860c
    Size/MD5 checksum:   220598 e3419d467dc69e90e2db720c519268d3
    Size/MD5 checksum: 16110870 cb91278b4861aa27da3555e3ae05a842
    Size/MD5 checksum:   219758 ff98c244a5777bf1cb9d3aa42e92035b

i386 architecture (Intel ia32)
    Size/MD5 checksum:   258700 b406cff5cdfce0b1ebb0999b940bcf77
    Size/MD5 checksum: 14079400 b3034d3d756026061d6d1ae64f7670ac
    Size/MD5 checksum:   226622 89ab2fe13383be55139f779983e76f56
    Size/MD5 checksum:   228124 0232808c2f4af4679ff387fd5aef30c2
    Size/MD5 checksum: 13238830 83c9fa536a5039d9b7faaedd55c0d2df
    Size/MD5 checksum: 13208166 7d76aba45eeea785e68e144c93f8fa55
    Size/MD5 checksum:   231474 a9af96e38de18058a0bbb855ed0193f3
    Size/MD5 checksum: 15558172 1ef83fe26c46d25f209cb0a76140c0e3
    Size/MD5 checksum: 13236626 fad30247937094d606a01d53a2eff086
    Size/MD5 checksum:  2728376 e2538d185c863ac7adf9dd41ac73f83d
    Size/MD5 checksum: 15397692 580feea340f69d04fafcd052268bb314
    Size/MD5 checksum: 15173410 f477356acda36ec633c3bee285794377
    Size/MD5 checksum:  2784978 76f4162d37d785b5e0648435936774f6
    Size/MD5 checksum:   263456 3ddcc23d88f64f8a185c3a3dc4ae3402
    Size/MD5 checksum:   225052 c266db2ed1f497b91c8202c2e9511bd3
    Size/MD5 checksum: 15282426 bce3bfbc0e6aede5dc503b37935b050a
    Size/MD5 checksum:   230266 2172a8e3ff5107cb582b5a31111b904b
    Size/MD5 checksum:   258222 e02e548b571117fa3a0b68add40c3893
    Size/MD5 checksum:   260930 a4765a3da36be625c104281daecc29d2
    Size/MD5 checksum: 12010766 5c06b0a78b203b2032aa327839fa9795
    Size/MD5 checksum:   260956 5bf06a1619132b0624299735caf26879
    Size/MD5 checksum: 12579278 f6c685f628478fcc8f37257a6e71aedd
    Size/MD5 checksum: 13276128 541fc888c5aa5dee5e186185d1f2256f

ia64 architecture (Intel ia64)
    Size/MD5 checksum: 21496770 8336b695564c2eb6d8dc98a13c3b4e1a
    Size/MD5 checksum:   205878 2f8285b89e03dee6c71f9d8079d13499
    Size/MD5 checksum:    12228 b69b46b5a764b898baaf3ba3ad056d5f
    Size/MD5 checksum:    12162 3d5dfd32448f8cb967dd1ce9549789af
    Size/MD5 checksum:  3104422 af94110dd2e8401a975315dd93aaa28b
    Size/MD5 checksum:    12172 618961c987120133ee1c999e4cf5f62f
    Size/MD5 checksum:    12236 7ca412f9885d85f92340423de43e284f
    Size/MD5 checksum:    12140 031a5db578a7291bf25c13b7be4b4ec6
    Size/MD5 checksum:   206340 85610c56d71469abb003503c9395f639
    Size/MD5 checksum:   206076 62768e32c962c2f1f2f19c0062800557
    Size/MD5 checksum:    12202 a4a24b0e48c4f6c2c3d8ab17fc6fe4ae
    Size/MD5 checksum: 21417820 daa90c69a36eb5baf3231fed495766e1
    Size/MD5 checksum:   205672 e5befe9b90d7f8d43ed7e1dfff89851c
    Size/MD5 checksum: 22158208 8a186facbb3023845284531d27c01486
    Size/MD5 checksum:    12136 fe3ae95000fba99026557e9f3110eef9
    Size/MD5 checksum: 22174026 de343e5cddd6936ec435cdc87d5ab689
    Size/MD5 checksum:    12200 75abbf3dc640b0765b0f510c0c783ecb

m68k architecture (Motorola Mc680x0)
    Size/MD5 checksum:  2997446 90b62190daab090dd211b2e2fa76e634
    Size/MD5 checksum:  3053150 9876f36e6cbad66ac690362955b3ee6c
    Size/MD5 checksum:  3111618 38fdf55f9f32aa26df0b3001fd6b77a2
    Size/MD5 checksum:  3311580 052d54a9c2e6eab73cf870634aaf78e3
    Size/MD5 checksum:  2992404 cd498a3a110af341e7052fb06ec8b0bc
    Size/MD5 checksum:  3178962 1160ae756c286e7e2845cbeb1326c3bb
    Size/MD5 checksum:  2982482 677c66d0af2580084d6d061bfd63ffd4
    Size/MD5 checksum:  3018000 89321aa5c34c8c9c95a61a86d0337699
    Size/MD5 checksum:  3105192 0a020af9116bd8ac96d2c3eb054b6840

powerpc architecture (PowerPC)
    Size/MD5 checksum:  5153168 2f57ad5241d60f31e262541b1b9bf08a
    Size/MD5 checksum: 13953866 46a1861b3cd33737bdd60a0f72f397c4
    Size/MD5 checksum: 13599558 0ddb46fa72e94a9018eccfd3d2f0b40c
    Size/MD5 checksum: 13873214 f012b664fbc58bfcdfbba594d38bc855
    Size/MD5 checksum: 13943782 153a4ba86086ae315977b069a3c8fa3c
    Size/MD5 checksum:   412788 719ae014adea5b6a7c3c36b2b0e268ed
    Size/MD5 checksum:   412382 228e63e6d49179b0dc802b903b1b52e4
    Size/MD5 checksum:   411974 bcf255c3858b2d9a01bbbb2b7c25aff2
    Size/MD5 checksum: 13616728 e6762f501e5422e23f023b79037a8ca5
    Size/MD5 checksum:   412034 0334c1128e3e843ebc68963633480ba4
    Size/MD5 checksum:   412136 a761c81f7e2c38637fecefeb197f8a5b
    Size/MD5 checksum:   412708 584de35626e4445772f28341560aae76
    Size/MD5 checksum: 13583634 0f334a6487d58f02b75f9102641d4541

s390 architecture (IBM S/390)
    Size/MD5 checksum:  3199350 2dec14becfc609e1414a00a726a78153
    Size/MD5 checksum:  2992448 d90f45f8f995286690ed2c460f5f418b
    Size/MD5 checksum:  5092100 c603b5b67a2e4be7b92fc909a64493cd
    Size/MD5 checksum:  1150168 8cf8f4a0193c71df9a27b3362b868cc5

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:  7645904 2c30dc864de96d05d0a3426b36c26d3a
    Size/MD5 checksum:  2896286 54cdf0c85119d5a049164705e54a24d9
    Size/MD5 checksum:  4563634 2df1caceab9295aca03f8efb9abfa33a
    Size/MD5 checksum:  7449244 1833928627fd502581b283c8d508b423
    Size/MD5 checksum:   116254 ccfa57772f57fc041c7e2f52fc09216c
    Size/MD5 checksum:   151548 0170da5a8e3a7179073a6ee42fe41b27
    Size/MD5 checksum:    10856 5866644f6a69cd14120b2f27b936097e
    Size/MD5 checksum:   150948 ed82830f3020847472660683d0a8b5cd

  These files will probably be moved into the oldstable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.