Jan Lühr wrote:
> things seem to be in a rush right now, and I'm looking for a little overview.
> In the past 1-2 months several kernel exploits rushed through the news that
> might / can / probably will affect debian stable. However, I haven't seen any
> single DSA regarding the following issues: Can you please give me an
> overview: Which problems do affect kernel-source-2.4.18? - If so, what is
> the current status of the according DSA?

I'm afraid that I can only tell you the status of 2.6.8 and 2.4.27 in
unstable/testing. AFAIK there have not been DSAs for any of these to fix
stable, and I don't know which ones really affect stable. Probably most of
them. Some of the information below may be incorrect, the kernel team
knows better than I.

> CAN-2005-0001 "Linux kernel i386 SMP page fault handler privilege escalation":
> http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt (I'm not running
> SMP ;)

The kernel team are aware of it, I expect a fix will be uploaded soon for
unstable.

> CAN-2004-1235 "Linux kernel uselib() privilege elevation"
> http://isec.pl/vulnerabilities/isec-0021-uselib.txt (Sounds scary PoC Code is
> included, seems to be discussed here)

Fixed in kernel-source-2.6.8 2.6.9-5 and kernel-source-2.4.27 2.4.27-8
(which should be released today or so), and the kernel-image packages
indirectly built from them.

> CAN-2004-1137 "Linux kernel IGMP vulnerabilities" (Sounds really scary. Are we
> affected? Debian Woody seems to be unaffected, but what about sarge / sid?)
> http://isec.pl/vulnerabilities/isec-0018-igmp.txt

Fixed in kernel-source-2.4.27 2.4.27-7.

> CAN-2004-1016 "Linux kernel scm_send local DoS"
> http://isec.pl/vulnerabilities/isec-0019-scm.txt

Also fixed in kernel-source-2.4.27 2.4.27-7.

> Georgi Guninski security advisory #72, 2004 "Fun with the linux kernel
> (2.6,2.4)"
> http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html

This is CAN-2004-1333 and was fixed in kernel-source-2.6.8 2.6.8-11.
AFAIK 2.4 is not yet fixed.

> grsecurity 2.1.0
> http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0070.html
> gives a scary / FUD-ish view on the linux kernel. Without discussing their
> thesis in detail, are patches available? Is kernel-source-2.4.18 affected?

I don't think CANs have yet been assigned for those holes.

A few others you left out:

CAN-2004-1337
  Apparently only affects 2.6, we're not very vulnerable since the module
  is loaded by the initrd. Not yet fixed.

CAN-2004-1335
  Fixed in kernel-source-2.6.8. 2.4 is not fixed.

CAN-2004-1234
  Does not affect sarge since we have a kernel > 2.4.25.

CAN-2004-1191
  Should not affect our 2.4 kernel since it was fixed in 2.4.27.
  Probably our 2.6.8 kernel is vulnerable.

CAN-2004-1190
  Could be SuSE specific, unclear and not enough info.

CAN-2004-1151
  My notes indicate that this was fixed in svn at some point, but I can't
  find the fix now.

CAN-2004-1144
  Amd64 specific, don't know if we're vulnerable.

CAN-2004-1074
  Fixed in kernel-source-2.6.8 2.6.8-11, kernel-source-2.4.27 2.4.27-7,
  and the binary packages built from them.

CAN-2004-1073
CAN-2004-1072
CAN-2004-1071
CAN-2004-1070
  2.6.8 and 2.4.27 are not vulnerable to these.

CAN-2004-1069
  Only affects 2.6. Fixed in kernel-source-2.6.8 2.6.8-11.

CAN-2004-1068
  Fixed in kernel-source-2.4.27 2.4.27-7, kernel-source-2.6.8 2.6.8-11.

CAN-2004-1058
  AFAIK it's unfixed.

CAN-2004-1056
  Fixed in kernel-source-2.4.27 2.4.27-8 (not yet released),
  kernel-source-2.6.8 2.6.8-11.

CAN-2004-1017
  Unknown.

CAN-2004-1016
  Fixed in kernel-image-2.4.27-i386 2.4.27-7.

CAN-2004-0949
  Fixed in 2.4.27, but 2.6.8 may still be vulnerable.

CAN-2004-0887
  s390 specific. Fixed in linux-kernel-image-2.6.8-s390 2.6.8-3,
  kernel-source-2.6.8 2.6.8-10

CAN-2004-0883
  Unknown.

CAN-2004-0814
  Fixed in kernel-source-2.6.8 2.6.8-8, kernel-source-2.4.27 2.4.27-7

CAN-2004-0813
  Fixed in recent 2.6 and 2.4 kernels.

CAN-2004-0685
  Unknown.

CAN-2004-0596
  Unknown.

CAN-2003-0465
  May be unfixed in our 2.4.27 kernel on some arches (bug #280492).
  i386 and ppc32 are ok. 2.6 fixed.

-- 
see shy jo, wondering when the kernel security silly season closes