Re: [SECURITY] [DSA 2153-1] linux-2.6 security update
Hast du die schon eingespielt?
Komischer Weise wird mir das Update nicht mehr angeboten,
aber /cat/proc/version zeigt noch die alte Kernel-Version an!
Oder hast du die Pakete schon eingespielt, aber die Server noch nicht
rebootet (was man ja besser auch mal Nachts machen sollte)?
Am Sonntag, den 30.01.2011, 00:42 -0600 schrieb dann frazier:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2153-1 security@debian.org
> http://www.debian.org/security/ dann frazier
> January 30, 2011 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : linux-2.6
> Vulnerability : privilege escalation/denial of service/information leak
> Problem type : local/remote
> Debian-specific: no
> CVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162
> CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248
> CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346
> CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565
> CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521
>
> Several vulnerabilities have been discovered in the Linux kernel that may lead
> to a privilege escalation, denial of service or information leak. The Common
> Vulnerabilities and Exposures project identifies the following problems:
>
> CVE-2010-0435
>
> Gleb Napatov reported an issue in the KVM subsystem that allows virtual
> machines to cause a denial of service of the host machine by executing mov
> to/from DR instructions.
>
> CVE-2010-3699
>
> Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can
> cause a denial of service on the host by retaining a leaked reference to a
> device. This can result in a zombie domain, xenwatch process hangs, and xm
> command failures.
>
> CVE-2010-4158
>
> Dan Rosenberg discovered an issue in the socket filters subsystem, allowing
> local unprivileged users to obtain the contents of sensitive kernel memory.
>
> CVE-2010-4162
>
> Dan Rosenberg discovered an overflow issue in the block I/O subsystem that
> allows local users to map large numbers of pages, resulting in a denial of
> service due to invocation of the out of memory killer.
>
> CVE-2010-4163
>
> Dan Rosenberg discovered an issue in the block I/O subsystem. Due to
> improper validation of iov segments, local users can trigger a kernel panic
> resulting in a denial of service.
>
> CVE-2010-4242
>
> Alan Cox reported an issue in the Bluetooth subsystem. Local users with
> sufficient permission to access HCI UART devices can cause a denial of
> service (NULL pointer dereference) due to a missing check for an existing
> tty write operation.
>
> CVE-2010-4243
>
> Brad Spengler reported a denial-of-service issue in the kernel memory
> accounting system. By passing large argv/envp values to exec, local users
> can cause the out of memory killer to kill processes owned by other users.
>
> CVE-2010-4248
>
> Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local
> users can cause a denial of service (Oops) due to incorrect assumptions
> about thread group leader behavior.
>
> CVE-2010-4249
>
> Vegard Nossum reported an issue with the UNIX socket garbage collector.
> Local users can consume all of LOWMEM and decrease system performance by
> overloading the system with inflight sockets.
>
> CVE-2010-4258
>
> Nelson Elhage reported an issue in Linux oops handling. Local users may be
> able to obtain elevated privileges if they are able to trigger an oops with
> a process' fs set to KERNEL_DS.
>
> CVE-2010-4342
>
> Nelson Elhage reported an issue in the econet protocol. Remote attackers can
> cause a denial of service by sending an Acorn Universal Networking packet
> over UDP.
>
> CVE-2010-4346
>
> Tavis Ormandy discovered an issue in the install_special_mapping routine
> which allows local users to bypass the mmap_min_addr security restriction.
> Combined with an otherwise low severity local denial of service
> vulnerability (NULL pointer dereference), a local user could obtain elevated
> privileges.
>
> CVE-2010-4526
>
> Eugene Teo reported a race condition in the Linux SCTP implementation.
> Remote users can cause a denial of service (kernel memory corruption) by
> transmitting an ICMP unreachable message to a locked socket.
>
> CVE-2010-4527
>
> Dan Rosenberg reported two issues in the OSS soundcard driver. Local users
> with access to the device (members of group 'audio' on default Debian
> installations) may contain access to sensitive kernel memory or cause a
> buffer overflow, potentially leading to an escalation of privileges.
>
> CVE-2010-4529
>
> Dan Rosenberg reported an issue in the Linux kernel IrDA socket
> implementation on non-x86 architectures. Local users may be able to gain
> access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES
> getsockopt call.
>
> CVE-2010-4565
>
> Dan Rosenberg reported an issue in the Linux CAN protocol implementation.
> Local users can obtain the address of a kernel heap object which might help
> facilitate system exploitation.
>
> CVE-2010-4649
>
> Dan Carpenter reported an issue in the uverb handling of the InfiniBand
> subsystem. A potential buffer overflow may allow local users to cause a
> denial of service (memory corruption) by passing in a large cmd.ne value.
>
> CVE-2010-4656
>
> Kees Cook reported an issue in the driver for I/O-Warrior USB devices.
> Local users with access to these devices maybe able to overrun kernel
> buffers, resulting in a denial of service or privilege escalation.
>
> CVE-2010-4668
>
> Dan Rosenberg reported an issue in the block subsystem. A local user can
> cause a denial of service (kernel panic) by submitting certain 0-length I/O
> requests.
>
> CVE-2011-0521
>
> Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local
> users can pass a negative info->num value, corrupting kernel memory and
> causing a denial of service.
>
> For the stable distribution (lenny), this problem has been fixed in
> version 2.6.26-26lenny2.
>
> The following matrix lists additional source packages that were rebuilt for
> compatibility with or to take advantage of this update:
>
> Debian 5.0 (lenny)
> user-mode-linux 2.6.26-1um-2+26lenny2
>
> We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
>
> Note that these updates will not become active until after your system is
> rebooted.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBCAAGBQJNRQQVAAoJEBv4PF5U/IZAH/4P/RxhngAjXnE7T6V2ReVQ7U0U
> qh0NKKHfEUIRmK6v4t3LkKiVTDswArOUtt3JUThs9J/TgLJjQyAIjOAQWk7Hgy6G
> 5BNyCkndO5X2Cfl1Q69NhPljpjPD5emyqytw39Q0MyTWQf91DpXz+sgmozij52nk
> cR1pl7UcCzUozr5DVgNTOtuRjbgavSiuEXwpfDF9rX7+I+zkLyfs70uH3FcNvK0k
> fcl6rFTG25pGGHyEC9uW5VfZ/EKJn1QFlxabwACvxL/sODQtGg7obWFvxYKUSuBh
> 7yRfsxOaZeKPco7SLG0aI4JAk7rpRgAkbpPq2/su/LtOXsP67xuus0X1O4scp+eW
> PojK7ESyE89GCoVCHEVqh1HjQW3OeBea0j9oLWHe4K0enswcpc2b3MzvOXf0lU53
> hx1QTzMGHcH19a/LDDZ5AtdP2mkxSChOFAvQMBJW0fAu4Dd/w7VxwK2znMg3UnR+
> uRsLlYk75jlKjlZ2Ol1E/KHmW2RP/Msn9HgWxywvMPaFoOcwZhDPUKl+H5uEhux6
> prHCrL70Uo/MwSp6N3u2qH2Rtkk8OK1OdefdMp+/Tn7AHu4FlbqMKI41OFOtLxME
> wkXSy//QGPm/pLNOsd4Jp8AtC/2UeHNv1m46GgiCGGvc7fngKIpBgQLst1pgWsjZ
> MC+/ZgUkQGUrY/0pi/dN
> =wlsd
> -----END PGP SIGNATURE-----
>
>
--
Kai Moritz
Entwicklung
Telefon: 0234/7090883
Mobil: 0176/20504747
E-Mail: kai@coolibri.de
---------------------------------------------------------
coolibri Büro in Bochum:
Telefon: 0234/93737-0
Fax: 0234/93737-99
E-Mail: info@coolibri.de
coolibri - Deutschlands meistgelesene Stadtillustrierte, 279.000 Leser
pro Ausgabe (AWA 2009)
www.coolibri.de - Freizeitverführer Metropole West
coolibri, Sponsorpartner von RUHR.2010
Roland Scherer Verlags- und Werbeservice GmbH
Ehrenfeldstr. 34
44789 Bochum
---------------------------------------------------------
Sitz der Gesellschaft: Bochum
Registergericht: Amtsgericht Bochum HRB 3259
Geschäftsführer: Roland Scherer
Reply to: