[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2008-001: linux-2.6 -- missing access checks

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2008-001
http://www.skolelinux.org/security/                  Morten Werner Forsbring
February 11th, 2008              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : linux-2.6
Vulnerability       : missing access checks
Problem-Type        : local
Need reboot         : yes
Debian-Edu-specific : no
CVE ID              : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600
DSA ID              : DSA-1494-1

The vulnerability described in this DESA affects Debian Edu/Skolelinux
3.0 (codename terra) based on Debian GNU/Linux 4.0 (codename etch).

An internal system call in ther Linux-kernel did not properly verify
address arguments passed by user space processes. This can be used to
gain root privileges. For the details, please take a look at the DSA
from Debian:


We recommend that you upgrade your kernel packages to the new 2.6.18
packages built for Debian immidiately and then reboot your system(s).

Upgrade Instructions
- --------------------

Make sure 'deb http://security.debian.org/debian etch/updates main' or
similar is present in your /etc/apt/sources.list and run 'aptitude update' 
to update your package lists.

Find which flavour of the kernel you are running with the command
'uname -r' (examples: 386, 586tsc, 686, 686-smp, k6, k7, k7-smp).

To upgrade, run this command replacing <flavour> with yours:

  aptitude install linux-image-2.6.18-6-<flavour>

Remember that you have to reboot your system(s) after upgrading this
package. If you are unfamiliar with kernel upgrades, please visit our
mini-HOWTO on this subject:


- --------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: Digital signature

Reply to: