| 1 |
--------------------------------------------------------------------------
|
| 2 |
Debian Security Advisory DSA XXX-1 security@debian.org
|
| 3 |
http://www.debian.org/security/ Dann Frazier
|
| 4 |
XXXXX 8th, 2007 http://www.debian.org/security/faq
|
| 5 |
--------------------------------------------------------------------------
|
| 6 |
|
| 7 |
Package : linux-2.6
|
| 8 |
Vulnerability : several
|
| 9 |
Problem-Type : local/remote
|
| 10 |
Debian-specific: no
|
| 11 |
CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592
|
| 12 |
|
| 13 |
Several local and remote vulnerabilities have been discovered in the Linux
|
| 14 |
kernel that may lead to a denial of service or the execution of arbitrary
|
| 15 |
code. The Common Vulnerabilities and Exposures project identifies the
|
| 16 |
following problems:
|
| 17 |
|
| 18 |
CVE-2007-0005
|
| 19 |
|
| 20 |
Daniel Roethlisberger discovered two buffer overflows in the cm4040
|
| 21 |
driver for the Omnikey CardMan 4040 device. A local user or malicious
|
| 22 |
device could exploit this to execute arbitrary code in kernel space.
|
| 23 |
|
| 24 |
CVE-2007-0958
|
| 25 |
|
| 26 |
Santosh Eraniose reported a vulnerability that allows local users to read
|
| 27 |
otherwise unreadable files by triggering a core dump while using PT_INTERP.
|
| 28 |
This is related to CVE-2004-1073.
|
| 29 |
|
| 30 |
CVE-2007-1357
|
| 31 |
|
| 32 |
Jean Delvare reported a vulnerability in the appletalk subsystem.
|
| 33 |
Systems with the appletalk module loaded can be triggered to crash
|
| 34 |
by other systems on the local network via a malformed frame.
|
| 35 |
|
| 36 |
CVE-2007-1592
|
| 37 |
|
| 38 |
Masayuki Nakagawa discovered that flow labels were inadvertently
|
| 39 |
being shared between listening sockets and child sockets. This defect
|
| 40 |
can be exploited by local users to cause a DoS (Oops).
|
| 41 |
|
| 42 |
This problem has been fixed in the stable distribution in version
|
| 43 |
2.6.18.dfsg.1-12etch1.
|
| 44 |
|
| 45 |
The following matrix lists additional packages that were rebuilt for
|
| 46 |
compatibility with or to take advantage of this update:
|
| 47 |
|
| 48 |
Debian 4.0 (etch)
|
| 49 |
fai-kernels 1.17etch1
|
| 50 |
user-mode-linux 2.6.18-1um-2etch1
|
| 51 |
|
| 52 |
We recommend that you upgrade your kernel package immediately and reboot
|
| 53 |
the machine. If you have built a custom kernel from the kernel source
|
| 54 |
package, you will need to rebuild to take advantage of these fixes.
|
| 55 |
|
| 56 |
Upgrade Instructions
|
| 57 |
--------------------
|
| 58 |
|
| 59 |
wget url
|
| 60 |
will fetch the file for you
|
| 61 |
dpkg -i file.deb
|
| 62 |
will install the referenced file.
|
| 63 |
|
| 64 |
If you are using the apt-get package manager, use the line for
|
| 65 |
sources.list as given below:
|
| 66 |
|
| 67 |
apt-get update
|
| 68 |
will update the internal database
|
| 69 |
apt-get upgrade
|
| 70 |
will install corrected packages
|
| 71 |
|
| 72 |
You may use an automated update by adding the resources from the
|
| 73 |
footer to the proper configuration.
|
| 74 |
|
| 75 |
|
| 76 |
Debian GNU/Linux 4.0 alias etch
|
| 77 |
--------------------------------
|
| 78 |
|
| 79 |
|
| 80 |
These files will probably be moved into the stable distribution on
|
| 81 |
its next update.
|
| 82 |
|
| 83 |
---------------------------------------------------------------------------------
|
| 84 |
For apt-get: deb http://security.debian.org/ etch/updates main
|
| 85 |
For dpkg-ftp: ftp://security.debian.org/debian-security dists/etch/updates/main
|
| 86 |
Mailing list: debian-security-announce@lists.debian.org
|
| 87 |
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
|
Parent Directory
| 
Revision Log