Re: [SECURITY] [DSA 2153-1] linux-2.6 security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2153-1] linux-2.6 security update
From: Kai Moritz <kai@coolibri.de>
Date: Sun, 30 Jan 2011 14:30:13 +0100
Message-id: <[🔎] 1296394213.8789.1.camel@macbook>
In-reply-to: <20110130064204.GA21460@dannf.org>
References: <20110130064204.GA21460@dannf.org>
Hast du die schon eingespielt?
Komischer Weise wird mir das Update nicht mehr angeboten,
aber /cat/proc/version zeigt noch die alte Kernel-Version an!
Oder hast du die Pakete schon eingespielt, aber die Server noch nicht
rebootet (was man ja besser auch mal Nachts machen sollte)?


Am Sonntag, den 30.01.2011, 00:42 -0600 schrieb dann frazier:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2153-1                   security@debian.org
> http://www.debian.org/security/                              dann frazier
> January 30, 2011                       http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : linux-2.6
> Vulnerability  : privilege escalation/denial of service/information leak
> Problem type   : local/remote
> Debian-specific: no
> CVE Id(s)      : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 
>                  CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 
>                  CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 
>                  CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 
>                  CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521
> 
> Several vulnerabilities have been discovered in the Linux kernel that may lead
> to a privilege escalation, denial of service or information leak.  The Common
> Vulnerabilities and Exposures project identifies the following problems:
> 
> CVE-2010-0435
> 
>     Gleb Napatov reported an issue in the KVM subsystem that allows virtual
>     machines to cause a denial of service of the host machine by executing mov
>     to/from DR instructions.
> 
> CVE-2010-3699
> 
>     Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can
>     cause a denial of service on the host by retaining a leaked reference to a
>     device. This can result in a zombie domain, xenwatch process hangs, and xm
>     command failures.
> 
> CVE-2010-4158
> 
>     Dan Rosenberg discovered an issue in the socket filters subsystem, allowing
>     local unprivileged users to obtain the contents of sensitive kernel memory.
> 
> CVE-2010-4162
> 
>     Dan Rosenberg discovered an overflow issue in the block I/O subsystem that
>     allows local users to map large numbers of pages, resulting in a denial of
>     service due to invocation of the out of memory killer.
> 
> CVE-2010-4163
> 
>     Dan Rosenberg discovered an issue in the block I/O subsystem. Due to
>     improper validation of iov segments, local users can trigger a kernel panic
>     resulting in a denial of service.
> 
> CVE-2010-4242
> 
>     Alan Cox reported an issue in the Bluetooth subsystem. Local users with
>     sufficient permission to access HCI UART devices can cause a denial of
>     service (NULL pointer dereference) due to a missing check for an existing
>     tty write operation.
> 
> CVE-2010-4243
> 
>     Brad Spengler reported a denial-of-service issue in the kernel memory
>     accounting system. By passing large argv/envp values to exec, local users
>     can cause the out of memory killer to kill processes owned by other users.
> 
> CVE-2010-4248
> 
>     Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local
>     users can cause a denial of service (Oops) due to incorrect assumptions
>     about thread group leader behavior.
> 
> CVE-2010-4249
> 
>     Vegard Nossum reported an issue with the UNIX socket garbage collector.
>     Local users can consume all of LOWMEM and decrease system performance by
>     overloading the system with inflight sockets.
> 
> CVE-2010-4258
> 
>     Nelson Elhage reported an issue in Linux oops handling. Local users may be
>     able to obtain elevated privileges if they are able to trigger an oops with
>     a process' fs set to KERNEL_DS.
> 
> CVE-2010-4342
> 
>     Nelson Elhage reported an issue in the econet protocol. Remote attackers can
>     cause a denial of service by sending an Acorn Universal Networking packet
>     over UDP.
> 
> CVE-2010-4346
> 
>     Tavis Ormandy discovered an issue in the install_special_mapping routine
>     which allows local users to bypass the mmap_min_addr security restriction.
>     Combined with an otherwise low severity local denial of service
>     vulnerability (NULL pointer dereference), a local user could obtain elevated
>     privileges.
> 
> CVE-2010-4526
> 
>     Eugene Teo reported a race condition in the Linux SCTP implementation.
>     Remote users can cause a denial of service (kernel memory corruption) by
>     transmitting an ICMP unreachable message to a locked socket.
> 
> CVE-2010-4527
> 
>     Dan Rosenberg reported two issues in the OSS soundcard driver. Local users
>     with access to the device (members of group 'audio' on default Debian
>     installations) may contain access to sensitive kernel memory or cause a
>     buffer overflow, potentially leading to an escalation of privileges.
> 
> CVE-2010-4529
> 
>     Dan Rosenberg reported an issue in the Linux kernel IrDA socket
>     implementation on non-x86 architectures. Local users may be able to gain
>     access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES
>     getsockopt call.
> 
> CVE-2010-4565
> 
>     Dan Rosenberg reported an issue in the Linux CAN protocol implementation.
>     Local users can obtain the address of a kernel heap object which might help
>     facilitate system exploitation.
> 
> CVE-2010-4649
> 
>     Dan Carpenter reported an issue in the uverb handling of the InfiniBand
>     subsystem. A potential buffer overflow may allow local users to cause a
>     denial of service (memory corruption) by passing in a large cmd.ne value.
> 
> CVE-2010-4656
> 
>     Kees Cook reported an issue in the driver for I/O-Warrior USB devices.
>     Local users with access to these devices maybe able to overrun kernel
>     buffers, resulting in a denial of service or privilege escalation.
> 
> CVE-2010-4668
> 
>     Dan Rosenberg reported an issue in the block subsystem. A local user can
>     cause a denial of service (kernel panic) by submitting certain 0-length I/O
>     requests.
> 
> CVE-2011-0521
> 
>     Dan Carpenter reported an issue in the DVB driver for AV7110 cards.  Local
>     users can pass a negative info->num value, corrupting kernel memory and
>     causing a denial of service.
> 
> For the stable distribution (lenny), this problem has been fixed in
> version 2.6.26-26lenny2.
> 
> The following matrix lists additional source packages that were rebuilt for
> compatibility with or to take advantage of this update:
> 
>                                              Debian 5.0 (lenny)
>      user-mode-linux                         2.6.26-1um-2+26lenny2
> 
> We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
> 
> Note that these updates will not become active until after your system is
> rebooted.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iQIcBAEBCAAGBQJNRQQVAAoJEBv4PF5U/IZAH/4P/RxhngAjXnE7T6V2ReVQ7U0U
> qh0NKKHfEUIRmK6v4t3LkKiVTDswArOUtt3JUThs9J/TgLJjQyAIjOAQWk7Hgy6G
> 5BNyCkndO5X2Cfl1Q69NhPljpjPD5emyqytw39Q0MyTWQf91DpXz+sgmozij52nk
> cR1pl7UcCzUozr5DVgNTOtuRjbgavSiuEXwpfDF9rX7+I+zkLyfs70uH3FcNvK0k
> fcl6rFTG25pGGHyEC9uW5VfZ/EKJn1QFlxabwACvxL/sODQtGg7obWFvxYKUSuBh
> 7yRfsxOaZeKPco7SLG0aI4JAk7rpRgAkbpPq2/su/LtOXsP67xuus0X1O4scp+eW
> PojK7ESyE89GCoVCHEVqh1HjQW3OeBea0j9oLWHe4K0enswcpc2b3MzvOXf0lU53
> hx1QTzMGHcH19a/LDDZ5AtdP2mkxSChOFAvQMBJW0fAu4Dd/w7VxwK2znMg3UnR+
> uRsLlYk75jlKjlZ2Ol1E/KHmW2RP/Msn9HgWxywvMPaFoOcwZhDPUKl+H5uEhux6
> prHCrL70Uo/MwSp6N3u2qH2Rtkk8OK1OdefdMp+/Tn7AHu4FlbqMKI41OFOtLxME
> wkXSy//QGPm/pLNOsd4Jp8AtC/2UeHNv1m46GgiCGGvc7fngKIpBgQLst1pgWsjZ
> MC+/ZgUkQGUrY/0pi/dN
> =wlsd
> -----END PGP SIGNATURE-----
> 
> 

-- 
Kai Moritz
Entwicklung

Telefon: 0234/7090883
Mobil: 0176/20504747

E-Mail: kai@coolibri.de


---------------------------------------------------------
coolibri Büro in Bochum:

Telefon: 0234/93737-0
Fax: 0234/93737-99

E-Mail: info@coolibri.de

coolibri - Deutschlands meistgelesene Stadtillustrierte, 279.000 Leser
pro Ausgabe (AWA 2009)

www.coolibri.de - Freizeitverführer Metropole West

coolibri, Sponsorpartner von RUHR.2010

Roland Scherer Verlags- und Werbeservice GmbH
Ehrenfeldstr. 34
44789 Bochum
---------------------------------------------------------
Sitz der Gesellschaft: Bochum
Registergericht: Amtsgericht Bochum HRB 3259
Geschäftsführer: Roland Scherer
Reply to:
Prev by Date: Re: [SECURITY] [DSA-2154-1] exim4 security update
Next by Date: Re: [SECURITY] [DSA-2154-1] exim4 security update
Previous by thread: Re: [SECURITY] [DSA-2154-1] exim4 security update
Next by thread: regression in exim4 DSA-2154-1
Index(es):
- Date
- Thread