Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: dann frazier <dannf <at> debian.org>
Subject: [DSA 2240-1] linux-2.6 security update
Newsgroups: gmane.linux.debian.user.security.announce
Date: Wednesday 25th May 2011 05:22:29 UTC (over 5 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2240-1                [email protected]
http://www.debian.org/security/ 
                         dann frazier
May 24, 2011                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
                 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170
                 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180
                 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478
                 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746
                 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770
                 CVE-2011-1776 CVE-2011-2022
Debian Bug(s)  : 
                 
Several vulnerabilities have been discovered in the Linux kernel that may
lead
to a denial of service or privilege escalation. The Common Vulnerabilities
and
Exposures project identifies the following problems:

CVE-2010-3875

    Vasiliy Kulikov discovered an issue in the Linux implementation of the
    Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
    sensitive kernel memory.

CVE-2011-0695

    Jens Kuehnel reported an issue in the InfiniBand stack. Remote
attackers can
    exploit a race condition to cause a denial of service (kernel panic).

CVE-2011-0711

    Dan Rosenberg reported an issue in the XFS filesystem. Local users may
    obtain access to sensitive kernel memory.

CVE-2011-0726

    Kees Cook reported an issue in the /proc/pid/stat implementation. Local
    users could learn the text location of a process, defeating protections
    provided by address space layout randomization (ASLR).

CVE-2011-1016

    Marek Olšák discovered an issue in the driver for ATI/AMD Radeon
video
    chips. Local users could pass arbitrary values to video memory and the
    graphics translation table, resulting in denial of service or escalated
    privileges. On default Debian installations, this is exploitable only
by
    members of the 'video' group.

CVE-2011-1078

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local
users
    can obtain access to sensitive kernel memory.

CVE-2011-1079

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local
users
    with the CAP_NET_ADMIN capability can cause a denial of service (kernel
    Oops).
    
CVE-2011-1080

    Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local
users
    can obtain access to sensitive kernel memory.

CVE-2011-1090

    Neil Horman discovered a memory leak in the setacl() call on NFSv4
    filesystems. Local users can explot this to cause a denial of service
    (Oops).

CVE-2011-1160

    Peter Huewe reported an issue in the Linux kernel's support for TPM
security
    chips. Local users with permission to open the device can gain access
to
    sensitive kernel memory.

CVE-2011-1163

    Timo Warns reported an issue in the kernel support for Alpha OSF format
disk
    partitions. Users with physical access can gain access to sensitive
kernel
    memory by adding a storage device with a specially crafted OSF
partition.

CVE-2011-1170

    Vasiliy Kulikov reported an issue in the Netfilter arp table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.

CVE-2011-1171

    Vasiliy Kulikov reported an issue in the Netfilter IP table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.
    
CVE-2011-1172

    Vasiliy Kulikov reported an issue in the Netfilter IP6 table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.
    
CVE-2011-1173

    Vasiliy Kulikov reported an issue in the Acorn Econet protocol
    implementation. Local users can obtain access to sensitive kernel
memory on
    systems that use this rare hardware.

CVE-2011-1180

    Dan Rosenberg reported a buffer overflow in the Information Access
Service
    of the IrDA protocol, used for Infrared devices. Remote attackers
within IR
    device range can cause a denial of service or possibly gain elevated
    privileges.

CVE-2011-1182

    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
    users can generate signals with falsified source pid and uid
information.

CVE-2011-1476

    Dan Rosenberg reported issues in the Open Sound System MIDI interface
that
    allow local users to cause a denial of service. This issue does not
affect
    official Debian Linux image packages as they no longer provide support
for
    OSS.  However, custom kernels built from Debians linux-source-2.6.32
may
    have enabled this configuration and would therefore be vulnerable.

CVE-2011-1477

    Dan Rosenberg reported issues in the Open Sound System driver for cards
that
    include a Yamaha FM synthesizer chip. Local users can cause memory
    corruption resulting in a denial of service. This issue does not affect
    official Debian Linux image packages as they no longer provide support
for
    OSS.  However, custom kernels built from Debians linux-source-2.6.32
may
    have enabled this configuration and would therefore be vulnerable.

CVE-2011-1478

    Ryan Sweat reported an issue in the Generic Receive Offload (GRO)
support in
    the Linux networking subsystem. If an interface has GRO enabled and is
    running in promiscuous mode, remote users can cause a denial of service
    (NULL pointer dereference) by sending packets on an unknown VLAN.

CVE-2011-1493

    Dan Rosenburg reported two issues in the Linux implementation of the
Amateur
    Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of
service
    by providing specially crafted facilities fields.

CVE-2011-1494

    Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided
by
    the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can
obtain
    elevated privileges by specially crafted ioctl calls. On default Debian
    installations this is not exploitable as this interface is only
accessible
    to root.

CVE-2011-1495

    Dan Rosenberg reported two additional issues in the /dev/mpt2ctl
interface
    provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local
users
    can obtain elevated privileges and ready arbitrary kernel memory by
using
    specially crafted ioctl calls. On default Debian installations this is
not
    exploitable as this interface is only accessible to root.

CVE-2011-1585

    Jeff Layton reported an issue in the Common Internet File System
(CIFS).
    Local users can bypass authentication requirements for shares that are
    already mounted by another user.

CVE-2011-1593

    Robert Swiecki reported a signednes issue in the next_pidmap()
function,
    which can be exploited my local users to cause a denial of service.

CVE-2011-1598

    Dave Jones reported an issue in the Broadcast Manager Controller Area
    Network (CAN/BCM) protocol that may allow local users to cause a NULL
    pointer dereference, resulting in a denial of service.

CVE-2011-1745

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service
due
    to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian
    installations, this is exploitable only by users in the video group.

CVE-2011-1746

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service
due
    to missing bounds checking in the agp_allocate_memory and
    agp_create_user_memory. On default Debian installations, this is
exploitable
    only by users in the video group.

CVE-2011-1748

    Oliver Kartkopp reported an issue in the Controller Area Network (CAN)
raw
    socket implementation which permits ocal users to cause a NULL pointer
    dereference, resulting in a denial of service.
    
CVE-2011-1759

    Dan Rosenberg reported an issue in the support for executing "old ABI"
    binaries on ARM processors. Local users can obtain elevated privileges
due
    to insufficient bounds checking in the semtimedop system call.

CVE-2011-1767

    Alexecy Dobriyan reported an issue in the GRE over IP implementation.
    Remote users can cause a denial of service by sending a packet during
module
    initialization.

CVE-2011-1770

    Dan Rosenberg reported an issue in the Datagram Congestion Control
Protocol
    (DCCP). Remote users can cause a denial of service or potentially
obtain
    access to sensitive kernel memory.

CVE-2011-1776

    Timo Warns reported an issue in the Linux implementation for GUID
    partitions. Users with physical access can gain access to sensitive
kernel
    memory by adding a storage device with a specially crafted corrupted
invalid
    partition table.

CVE-2011-2022

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service
due
    to missing bounds checking in the AGPIOC_UNBIND ioctl. On default
Debian
    installations, this is exploitable only by users in the video group.

This update also includes changes queued for the next point release of
Debian 6.0, which also fix various non-security issues. These additional
changes are described in the package changelog which can be viewed at:

  http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog

For the stable distribution (squeeze), this problem has been fixed in
version
2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                             Debian 6.0 (squeeze)
     user-mode-linux                         2.6.32-1um-4+34squeeze1

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJN3I4aAAoJEBv4PF5U/IZAaa4P/j+l40Mp6naHByZt3jpwNWSA
RN/jkkrYnYNDyT7crB+/DOdu84zalYa2KqfffOd/faV9+NSCBayjJ5c+FvVgeTay
Il8elfcWP/uK0BXJn2xVb7YAsLpIe0HRlhxe72ZqcT4Yxo1/IBnEpUS56JRd2tlA
k7x7dbj+smlzlM4qiXQy1F6LNyDqoGDUKNohQHUoyQ5dGq/gdi3C7EnUs4Nx9vjK
RU1HUWLXB4qm7JpoK6o3u6Hpe0ynZm74tYvTi0XhayGXGevaBvIQuEWqhY6gZF1P
v6a5gvBQC2pRIQXAVUbAhjoXpuF5jahTgicLdJanDqLfhefQ3qV11Ahvui2lzZuT
iKbMVGzO/azPLzskH8YNBq6drFPX2ZqRsxGmrTdzEtLWnJCN6nBBe4kF6C3z5T1A
1ez4/F+OhNl2wnimq3CxiyfXun9WWs6IlULpqsKgJjE4bItg5a8+zTYGjkhQxX+X
fPzO1xZCtQK4i+59Ejs5FwIfps0fA0m8c1Z5bnIaj4Q+0X5sJt2kwws8yrQKoOH1
eKGOgRqM70rOnyW/TQtXDGnTC4+vCCv89UjZUpG+sxZtWUxeh8CL2scUyceTeSNC
IS2+EgvilN+a3hQlYJH4YNshmQCtJDp7qMTLaXLHM9hoV1L383nbJV4AtrFlcsCO
KRI5f0ds95H6TsEoTSmO
=gx2x
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact
[email protected]
Archive: http:[email protected]
 
CD: 5ms