User: Password:
Subscribe / Log in / New account

Debian alert DSA-2310-1 (linux-2.6)

From:  dann frazier <>
Subject:  [SECURITY] [DSA 2310-1] linux-2.6 security update
Date:  Thu, 22 Sep 2011 16:48:48 -0600
Message-ID:  <>
Archive-link:  Article, Thread

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2310-1 dann frazier September 22, 2011 - ------------------------------------------------------------------------- Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191 Debian Bug : 633738 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory. CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges. CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (cpu time and memory). CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian: #633738) For the oldstable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be released as soon as possible. Updates for the hppa and ia64 architectures will be included in the upcoming 5.0.9 point release. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+26lenny4 We recommend that you upgrade your linux-2.6 and user-mode-linux packages. These updates will not become active until after your system is rebooted. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: Mailing list: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJOe7rIAAoJEBv4PF5U/IZAwr4QAKWBSdhvlgEUiCsO6oPc5c0T KtoGcYZRCypiSzQPSuW+tjwJpkAQD9XJYiPC7E3to19NHGQBMhjauFsr/8bfeftC 8JInvnqymOwLzOd8/Gv6fJ3NadLdDZQgrov72KYKS7ZtRR0fc0o/kiRB5Ol1BwUd dFktxgR5K2NZpAdexzUF7e1GMyAMiKQr3zDvebSE8D2h0RFi1a/gjn1zvIjVbCzD lbqK11Owz4fiZ22oTyJmd/P0j/CzCkQoEFopSJzMQCi0/yr5bKfmXv99WSFgvIh4 fnf7GGrZtwWL21+PcuNPdhIN21GSE6OWntflfoPNzr56qPZg83HU8LjgMcI7btmD 1bCOGDRP2CIgIT4RG9vG0Pj9Bo7f+yaR3Z8Gt6pVSi+lWKSAxyKNL8ig1ItPYD/r lK37jkHQ2p3XfGgEZA1nSFpFnarWDF77mREd/7Kk6zG7Zw9V8Nn/s39V2NrDXNCO KvuloB0nbWAR0RuwSGRtBHPrxmuRDO6ILwjMeGzMqyn8OfWTmjCpH3mdSNjkp+fO vLJDbljvhxTYn/lwsMfClfCdyy1ELSQFfGKc5lZE13lh2NqpB6b2BTUI+kCeV2Op 4hMJhQDwnXptNeAkL7ZnltCtWUjGvJT6NV3g8KdMTBdFfKuxbh/ahS4P4BmwiuE4 P1GRA7vke6qqsHvPGBoA =66e/ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact Archive:

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds