Linux Security
    Linux Security
    Linux Security

    Debian: New Linux kernel 2.6.8 packages fix several issues

    Date 22 Feb 2008
    Posted By LinuxSecurity Advisories
    Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1504                  This email address is being protected from spambots. You need JavaScript enabled to view it.                           dann frazier
    February 22, 2008         
    - ------------------------------------------------------------------------
    Package        : kernel-source-2.6.8 (2.6.8-17sarge1)
    Vulnerability  : several
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203
                     CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105
                     CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133
                     CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063
                     CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007
    Several local and remote vulnerabilities have been discovered in the Linux
    kernel that may lead to a denial of service or the execution of arbitrary
    code. The Common Vulnerabilities and Exposures project identifies the
    following problems:
        LMH reported a potential local DoS which could be exploited by a malicious
        user with the privileges to mount and read a corrupted cramfs filesystem.
        LMH reported a potential local DoS which could be exploited by a malicious
        user with the privileges to mount and read a corrupted ext2 filesystem.
        LMH reported an issue in the minix filesystem that allows local users
        with mount privileges to create a DoS (printk flood) by mounting a
        specially crafted corrupt filesystem.
        OpenVZ Linux kernel team reported an issue in the smbfs filesystem which
        can be exploited by local users to cause a DoS (oops) during mount.
        Ilja van Sprundel discovered that kernel memory could be leaked via the
        Bluetooth setsockopt call due to an uninitialized stack buffer. This
        could be used by local attackers to read the contents of sensitive kernel
        Thomas Graf reported a typo in the DECnet protocol handler that could
        be used by a local attacker to overrun an array via crafted packets,
        potentially resulting in a Denial of Service (system crash).
        A similar issue exists in the IPV4 protocol handler and will be fixed
        in a subsequent update.
        Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
        by releasing a socket before PPPIOCGCHAN is called upon it. This could
        be used by a local user to DoS a system by consuming all available memory.
        The PaX Team discovered a potential buffer overflow in the random number
        generator which may permit local users to cause a denial of service or
        gain additional privileges. This issue is not believed to effect default
        Debian installations where only root has sufficient privileges to exploit
        Adam Litke reported a potential local denial of service (oops) on
        powerpc platforms resulting from unchecked VMA expansion into address
        space reserved for hugetlb pages.
        Steve French reported that CIFS filesystems with CAP_UNIX enabled 
        were not honoring a process' umask which may lead to unintentinally
        relaxed permissions.
        Wojciech Purczynski discovered that pdeath_signal was not being reset
        properly under certain conditions which may allow local users to gain
        privileges by sending arbitrary signals to suid binaries.
        Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.
        A misconversion of hugetlb_vmtruncate_list to prio_tree may allow
        local users to trigger a BUG_ON() call in exit_mmap.
        Alan Cox reported an issue in the aacraid driver that allows unprivileged
        local users to make ioctl calls which should be restricted to admin
        Wojciech Purczynski discovered a vulnerability that can be exploited
        by a local user to obtain superuser privileges on x86_64 systems.
        This resulted from improper clearing of the high bits of registers
        during ia32 system call emulation. This vulnerability is relevant
        to the Debian amd64 port as well as users of the i386 port who run
        the amd64 linux-image flavour.
        Alex Smith discovered an issue with the pwc driver for certain webcam
        devices. If the device is removed while a userspace application has it
        open, the driver will wait for userspace to close the device, resulting
        in a blocked USB subsystem. This issue is of low security impact as
        it requires the attacker to either have physical access to the system
        or to convince a user with local access to remove the device on their
        Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl
        handling, exploitable by a local user.
        ADLAB discovered a possible memory overrun in the ISDN subsystem that
        may permit a local user to overwrite kernel memory leading by issuing
        ioctls with unterminated data.
        Blake Frantz discovered that when a core file owned by a non-root user
        exists, and a root-owned process dumps core over it, the core file
        retains its original ownership. This could be used by a local user to
        gain access to sensitive information.
        Cyrill Gorcunov reported a NULL pointer dereference in code specific
        to the CHRP PowerPC platforms. Local users could exploit this issue
        to achieve a Denial of Service (DoS).
        Nick Piggin of SuSE discovered a number of issues in subsystems which
        register a fault handler for memory mapped areas. This issue can be
        exploited by local users to achieve a Denial of Service (DoS) and possibly
        execute arbitrary code.
    The following matrix lists additional packages that were rebuilt for
    compatibility with or to take advantage of this update:
                                     Debian 3.1 (sarge)
         kernel-image-2.6.8-alpha    2.6.8-17sarge1
         kernel-image-2.6.8-amd64    2.6.8-17sarge1
         kernel-image-2.6.8-hppa     2.6.8-7sarge1
         kernel-image-2.6.8-i386     2.6.8-17sarge1
         kernel-image-2.6.8-ia64     2.6.8-15sarge1
         kernel-image-2.6.8-m68k     2.6.8-5sarge1
         kernel-image-2.6.8-s390     2.6.8-6sarge1
         kernel-image-2.6.8-sparc    2.6.8-16sarge1
         kernel-patch-powerpc-2.6.8  2.6.8-13sarge1
         fai-kernels                 1.9.1sarge8
    We recommend that you upgrade your kernel package immediately and reboot
    the machine. If you have built a custom kernel from the kernel source
    package, you will need to rebuild to take advantage of these fixes.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    Debian 3.1 (oldstable)
    - ----------------------
    Oldstable updates are available for alpha, amd64, hppa, i386, ia64, m68k, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:      846 4503eeaf9e1a21a9f220e2d9c31e0123
        Size/MD5 checksum:     1191 bfba4b91bbd166d14d0bace5ac137715
        Size/MD5 checksum:  1124155 d0e37e157fd2c4a9889222377ae6a956
        Size/MD5 checksum:    18572 fffdd006af1f26150eb6131f10c14c8f
        Size/MD5 checksum:    73206 97e4fadb9612c1a9ce969a0cbdc663f4
        Size/MD5 checksum:      621 fd5cf0a4b08aadf72cedb8029390fdeb
        Size/MD5 checksum:     1103 27f8b65b1acae74eac82f6484edbc5e5
        Size/MD5 checksum:    44625 4e68e046835cd0dce3ba2dc096f21924
        Size/MD5 checksum:    32565 406db278e655291be89254da5a4e15f8
        Size/MD5 checksum:     1013 defcdc70dd9d969ddfaed2819b341758
        Size/MD5 checksum:    69734 a5e62e3da21f1e89e1c7f76508de9673
        Size/MD5 checksum:    82008 c90b3a12c9bf77807d0d5c3ab6cf1567
        Size/MD5 checksum:    22997 75027ce480514543ad6d565d43890a3e
        Size/MD5 checksum:    32414 676fdb7a2c0cb66cd6c13a75b836f755
        Size/MD5 checksum:     1036 088234b948dd74a6c869f743a5346a54
        Size/MD5 checksum:      812 e12f4f68ee249f53bab5b4752d6b2795
        Size/MD5 checksum:    96384 bd4d726f97468d6cca1139cf80b1342a
        Size/MD5 checksum:     1047 80bb021a47b74d6b1e486c2bba6c55b8
        Size/MD5 checksum:     1002 0a956bc9d48251885d52d4b4d4b07310
        Size/MD5 checksum:     1071 39e866b6617c57f4acf7e06d3b7ae82e
        Size/MD5 checksum:    32434 ee1ef40c64f09bcdc25d9c9b7ea325e0
        Size/MD5 checksum:      874 9db0c07fe9a8cc114a82f3d4f8a209a9
        Size/MD5 checksum: 43929719 0393c05ffa4770c3c5178b74dc7a4282
    Architecture independent packages:
        Size/MD5 checksum: 34955480 ece884d31c0a9bd290d467f00973252e
        Size/MD5 checksum:    16650 2304fae6c3d145826acea1403133ef98
        Size/MD5 checksum:    39758 12ee237ef5816a9c1f87697a0397802a
        Size/MD5 checksum:  6190062 e7e672dd30a416f98fb8dd3ead7e938b
        Size/MD5 checksum:  1194926 dfc3e12e6e7739c91c17e150a7242fa2
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   238146 8dd62b8c39cceeedd5efaa4b2eee4582
        Size/MD5 checksum:   232626 0f789080227336bd274f4ddacc4a749b
        Size/MD5 checksum:  2765374 6f857f2bc6f2f0d5a94a98ae814c4e87
        Size/MD5 checksum: 20094120 e0a3941fdaa513458f54b78e5b3ebd41
        Size/MD5 checksum: 20242970 0944d9b857e2383f2748fab122de3a5d
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   225228 fc7e590bc877da3505ee3442409bf8ee
        Size/MD5 checksum:   228186 4663c6daf166b5559e408795f44d84f5
        Size/MD5 checksum: 12579110 41c47936fe7cd1bb8e28177cf282e957
        Size/MD5 checksum:   231428 dfdf341727fcca4af9ff41f7f0046e1b
        Size/MD5 checksum: 13238846 51bca8a45157f119dc001e786e325cca
        Size/MD5 checksum: 13063162 14486d83aee59b7616ff63de003340ac
        Size/MD5 checksum: 13275762 767dcb70ca259ff0dc07f6cb8351a83d
        Size/MD5 checksum:  2728264 db7534ded22b911afffa5413d540dbbd
        Size/MD5 checksum:   226722 33c904e9fd0a2f754f0d5aed640a3bd3
        Size/MD5 checksum:   230322 917d95bec917d2a7588867f81d88a2e9
        Size/MD5 checksum: 13082028 78be67d79a13baba4a6c798624f7f818
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:  2820206 0a14c1185bcde28d0a97eaeef9e11e3f
        Size/MD5 checksum: 17550802 fabf823c16fcb3e0bbf69d0081faafd8
        Size/MD5 checksum:   219244 ff1d717d7b3d1db40c96d15b96b8a447
        Size/MD5 checksum: 18374164 e088d77a7e64efa4d825416f94fd5db6
        Size/MD5 checksum:   220054 5e8db88176af86cf5d5968dac2816ac6
        Size/MD5 checksum: 17020158 1e3f2fc9f9764e1823054df8abde860c
        Size/MD5 checksum:   220598 e3419d467dc69e90e2db720c519268d3
        Size/MD5 checksum: 16110870 cb91278b4861aa27da3555e3ae05a842
        Size/MD5 checksum:   219758 ff98c244a5777bf1cb9d3aa42e92035b
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   258700 b406cff5cdfce0b1ebb0999b940bcf77
        Size/MD5 checksum: 14079400 b3034d3d756026061d6d1ae64f7670ac
        Size/MD5 checksum:   226622 89ab2fe13383be55139f779983e76f56
        Size/MD5 checksum:   228124 0232808c2f4af4679ff387fd5aef30c2
        Size/MD5 checksum: 13238830 83c9fa536a5039d9b7faaedd55c0d2df
        Size/MD5 checksum: 13208166 7d76aba45eeea785e68e144c93f8fa55
        Size/MD5 checksum:   231474 a9af96e38de18058a0bbb855ed0193f3
        Size/MD5 checksum: 15558172 1ef83fe26c46d25f209cb0a76140c0e3
        Size/MD5 checksum: 13236626 fad30247937094d606a01d53a2eff086
        Size/MD5 checksum:  2728376 e2538d185c863ac7adf9dd41ac73f83d
        Size/MD5 checksum: 15397692 580feea340f69d04fafcd052268bb314
        Size/MD5 checksum: 15173410 f477356acda36ec633c3bee285794377
        Size/MD5 checksum:  2784978 76f4162d37d785b5e0648435936774f6
        Size/MD5 checksum:   263456 3ddcc23d88f64f8a185c3a3dc4ae3402
        Size/MD5 checksum:   225052 c266db2ed1f497b91c8202c2e9511bd3
        Size/MD5 checksum: 15282426 bce3bfbc0e6aede5dc503b37935b050a
        Size/MD5 checksum:   230266 2172a8e3ff5107cb582b5a31111b904b
        Size/MD5 checksum:   258222 e02e548b571117fa3a0b68add40c3893
        Size/MD5 checksum:   260930 a4765a3da36be625c104281daecc29d2
        Size/MD5 checksum: 12010766 5c06b0a78b203b2032aa327839fa9795
        Size/MD5 checksum:   260956 5bf06a1619132b0624299735caf26879
        Size/MD5 checksum: 12579278 f6c685f628478fcc8f37257a6e71aedd
        Size/MD5 checksum: 13276128 541fc888c5aa5dee5e186185d1f2256f
    ia64 architecture (Intel ia64)
        Size/MD5 checksum: 21496770 8336b695564c2eb6d8dc98a13c3b4e1a
        Size/MD5 checksum:   205878 2f8285b89e03dee6c71f9d8079d13499
        Size/MD5 checksum:    12228 b69b46b5a764b898baaf3ba3ad056d5f
        Size/MD5 checksum:    12162 3d5dfd32448f8cb967dd1ce9549789af
        Size/MD5 checksum:  3104422 af94110dd2e8401a975315dd93aaa28b
        Size/MD5 checksum:    12172 618961c987120133ee1c999e4cf5f62f
        Size/MD5 checksum:    12236 7ca412f9885d85f92340423de43e284f
        Size/MD5 checksum:    12140 031a5db578a7291bf25c13b7be4b4ec6
        Size/MD5 checksum:   206340 85610c56d71469abb003503c9395f639
        Size/MD5 checksum:   206076 62768e32c962c2f1f2f19c0062800557
        Size/MD5 checksum:    12202 a4a24b0e48c4f6c2c3d8ab17fc6fe4ae
        Size/MD5 checksum: 21417820 daa90c69a36eb5baf3231fed495766e1
        Size/MD5 checksum:   205672 e5befe9b90d7f8d43ed7e1dfff89851c
        Size/MD5 checksum: 22158208 8a186facbb3023845284531d27c01486
        Size/MD5 checksum:    12136 fe3ae95000fba99026557e9f3110eef9
        Size/MD5 checksum: 22174026 de343e5cddd6936ec435cdc87d5ab689
        Size/MD5 checksum:    12200 75abbf3dc640b0765b0f510c0c783ecb
    m68k architecture (Motorola Mc680x0)
        Size/MD5 checksum:  2997446 90b62190daab090dd211b2e2fa76e634
        Size/MD5 checksum:  3053150 9876f36e6cbad66ac690362955b3ee6c
        Size/MD5 checksum:  3111618 38fdf55f9f32aa26df0b3001fd6b77a2
        Size/MD5 checksum:  3311580 052d54a9c2e6eab73cf870634aaf78e3
        Size/MD5 checksum:  2992404 cd498a3a110af341e7052fb06ec8b0bc
        Size/MD5 checksum:  3178962 1160ae756c286e7e2845cbeb1326c3bb
        Size/MD5 checksum:  2982482 677c66d0af2580084d6d061bfd63ffd4
        Size/MD5 checksum:  3018000 89321aa5c34c8c9c95a61a86d0337699
        Size/MD5 checksum:  3105192 0a020af9116bd8ac96d2c3eb054b6840
    powerpc architecture (PowerPC)
        Size/MD5 checksum:  5153168 2f57ad5241d60f31e262541b1b9bf08a
        Size/MD5 checksum: 13953866 46a1861b3cd33737bdd60a0f72f397c4
        Size/MD5 checksum: 13599558 0ddb46fa72e94a9018eccfd3d2f0b40c
        Size/MD5 checksum: 13873214 f012b664fbc58bfcdfbba594d38bc855
        Size/MD5 checksum: 13943782 153a4ba86086ae315977b069a3c8fa3c
        Size/MD5 checksum:   412788 719ae014adea5b6a7c3c36b2b0e268ed
        Size/MD5 checksum:   412382 228e63e6d49179b0dc802b903b1b52e4
        Size/MD5 checksum:   411974 bcf255c3858b2d9a01bbbb2b7c25aff2
        Size/MD5 checksum: 13616728 e6762f501e5422e23f023b79037a8ca5
        Size/MD5 checksum:   412034 0334c1128e3e843ebc68963633480ba4
        Size/MD5 checksum:   412136 a761c81f7e2c38637fecefeb197f8a5b
        Size/MD5 checksum:   412708 584de35626e4445772f28341560aae76
        Size/MD5 checksum: 13583634 0f334a6487d58f02b75f9102641d4541
    s390 architecture (IBM S/390)
        Size/MD5 checksum:  3199350 2dec14becfc609e1414a00a726a78153
        Size/MD5 checksum:  2992448 d90f45f8f995286690ed2c460f5f418b
        Size/MD5 checksum:  5092100 c603b5b67a2e4be7b92fc909a64493cd
        Size/MD5 checksum:  1150168 8cf8f4a0193c71df9a27b3362b868cc5
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:  7645904 2c30dc864de96d05d0a3426b36c26d3a
        Size/MD5 checksum:  2896286 54cdf0c85119d5a049164705e54a24d9
        Size/MD5 checksum:  4563634 2df1caceab9295aca03f8efb9abfa33a
        Size/MD5 checksum:  7449244 1833928627fd502581b283c8d508b423
        Size/MD5 checksum:   116254 ccfa57772f57fc041c7e2f52fc09216c
        Size/MD5 checksum:   151548 0170da5a8e3a7179073a6ee42fe41b27
        Size/MD5 checksum:    10856 5866644f6a69cd14120b2f27b936097e
        Size/MD5 checksum:   150948 ed82830f3020847472660683d0a8b5cd
      These files will probably be moved into the oldstable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.