Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1363-1 security@debian.org
http://www.debian.org/security/
Dann Frazier
August 31st, 2007
http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : linux-2.6
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE ID : CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843
CVE-2007-4308
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-2172
Thomas Graf reported a typo in the IPV4 protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
The DECnet counterpart of this issue was already fixed in DSA-1356.
CVE-2007-2875
iDefense reported a potential integer underflow in the cpuset filesystem
which may permit local attackers to gain access to sensitive kernel
memory. This vulnerability is only exploitable if the cpuset filesystem
is mounted.
CVE-2007-3105
The PaX Team discovered a potential buffer overflow in the random number
generator which may permit local users to cause a denial of service or
gain additional privileges. This issue is not believed to effect default
Debian installations where only root has sufficient privileges to exploit
it.
CVE-2007-3843
A coding error in the CIFS subsystem permits the use of unsigned messages
even if the client has been configured the system to enforce
signing by passing the sec=ntlmv2i mount option. This may allow remote
attackers to spoof CIFS network traffic.
CVE-2007-4308
Alan Cox reported an issue in the aacraid driver that allows unprivileged
local users to make ioctl calls which should be restricted to admin
privileges.
These problems have been fixed in the stable distribution in version
2.6.18.dfsg.1-13etch2.
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 4.0 (etch)
fai-kernels 1.17+etch5
user-mode-linux 2.6.18-1um-2etch4
We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch2.dsc
Size/MD5 checksum: 5672 0d32469058eb990ded360c98a66d027e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch2.diff.gz
Size/MD5 checksum: 5310664 a99b3fdf8cd187d5209849229202d75c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060
Architecture independent components:
Size/MD5 checksum: 3587232 152d52b161fda741f7cab6b52035ede0
Size/MD5 checksum: 1082150 5b702a589ad09771ade968eeba946998
Size/MD5 checksum: 1482942 c9d942021c5cacb75b443c2f63965632
Size/MD5 checksum: 41417314 6d28d791ee48f4e20a4c3c7a772298f1
Size/MD5 checksum: 3738432 570762f56596a615a46b654f9e96bda8
Size/MD5 checksum: 51396 1ab0d6ab43a0f1f87446178bf4cbb4d3
Alpha architecture:
Size/MD5 checksum: 3024442 3362559b47ea89f365eb829d1140d0f6
Size/MD5 checksum: 50860 8912d209983bbb4ec3c98f9e220ebc45
Size/MD5 checksum: 50900 0e0d1dba4b55eddde452a64878f1b4dd
Size/MD5 checksum: 263800 ee5976d624f68ba354ff4957479804d8
Size/MD5 checksum: 264146 1dc508e68a44da1852ae74cc4e19c5ec
Size/MD5 checksum: 263308 a6f1bf5783966b75519d2ca470c2b8a8
Size/MD5 checksum: 3048458 68690881006af1d143b92d944a0df512
Size/MD5 checksum: 264500 0f42477463ea486926eb7de63ec8fac2
Size/MD5 checksum: 23484708 0fba7689445cc8e35476a7672ce90492
Size/MD5 checksum: 23464946 65ea27093d7b1240c4fa0986438331ba
Size/MD5 checksum: 23838760 56bf66a83227957b6fd9292be4de67a5
Size/MD5 checksum: 23528896 4eb2f82c1f6c6de513c203fb7c3c6ec3
AMD64 architecture:
Size/MD5 checksum: 3164824 77ab8ac60831b09ca871f29a34283c29
Size/MD5 checksum: 50946 0c879cda7036bb0c06331abd09efd66e
Size/MD5 checksum: 50968 6e04f2796fd3d444d2edb23040a11ca9
Size/MD5 checksum: 270610 a4ab5371b7ba6b9cc5ad51e602800a08
Size/MD5 checksum: 3188018 d51ced41e18f919b50f9e5dedc4b8982
Size/MD5 checksum: 269428 203be35cb321fdc9df212532cc99edff
Size/MD5 checksum: 3331150 dccfb5bd23759816fb0cedc7ccf9f194
Size/MD5 checksum: 269988 2e1ee5d32a4f2b570d6a9bdd0432c39e
Size/MD5 checksum: 3353954 e8fddcfc3991315e5e9df21698a380b1
Size/MD5 checksum: 270278 14cb16db13f5b98c9e9711008a4e3e8a
Size/MD5 checksum: 16800800 81ace49f4b6b820dbe11bb9af347fcbe
Size/MD5 checksum: 16839028 9ecdf246ae8273dba14402de483bd9d2
Size/MD5 checksum: 1648098 94954f6d3525324ea1bd60dac4fbb125
Size/MD5 checksum: 1679122 a3076fb139f94d7306ed1234160d9c5b
Size/MD5 checksum: 15238998 d179d9fa6ac58664fa8f63510b5af5b8
Size/MD5 checksum: 15256744 e3ea330989570cb06b58a0af2d58111b
Size/MD5 checksum: 50916 331b40c2f98d6823d72cabccf5c5cf45
Size/MD5 checksum: 50936 8c5cabeca8417285c4d8fcbcdc3ce9bf
ARM architecture:
Size/MD5 checksum: 3407220 e11422f9cdc08a630cfb09b776a569d7
Size/MD5 checksum: 50870 3e5597986071f5628021b88da2346fa7
Size/MD5 checksum: 50912 3fbc395e8b52a66c6be50c4c271fbfc2
Size/MD5 checksum: 230098 1ccb65412d6f28cef5de3238bfc27995
Size/MD5 checksum: 231066 c7cd102b54594cc3898178ece285f27d
Size/MD5 checksum: 236422 36b2210092b2b9c64292993c8a6f5366
Size/MD5 checksum: 195080 2e3a528d4258e5d462badf6be2dc675d
Size/MD5 checksum: 199870 23cab9a989475b372cb30bad27cc7c25
Size/MD5 checksum: 7560132 8b46abeda5d10617b050f7c4b0c6b57a
Size/MD5 checksum: 7921636 9da34b30bd4485c8337b49bbbd7edfcb
Size/MD5 checksum: 8865008 1d19d9a6eee18bac9aebe32a6290f1f9
Size/MD5 checksum: 4583778 a9e7d53d61083ba3d607e0ed564671bb
Size/MD5 checksum: 5005928 c04668f93d9a315d154d5b6ad2444216
HP Precision architecture:
Size/MD5 checksum: 2964348 5128c6fe342b7172826bf40bf412623f
Size/MD5 checksum: 50942 ed399d1bf1a4b678e436de02c20e393e
Size/MD5 checksum: 50964 678e3603c2c9c228202b4c677b18e510
Size/MD5 checksum: 188708 3d7fd2fb9dcd67a808448eff59db321b
Size/MD5 checksum: 189606 f60a4b3983f5b6440d9a6e077010d31d
Size/MD5 checksum: 189354 aae3a5595e925a30ace2364d9c97666f
Size/MD5 checksum: 190038 e36e733de674a5680e6db13fda862220
Size/MD5 checksum: 10499120 3a1f8485b2329ae16791988b499d8cb2
Size/MD5 checksum: 10940720 02a9b9bbcecec33f4ef44ebcd8697ddd
Size/MD5 checksum: 11345710 8c991105b7ea074f9c7912052c9c8425
Size/MD5 checksum: 11752124 40cc795be6bbc96fe3c4e996626d970a
Intel IA-32 architecture:
Size/MD5 checksum: 3164760 565cbd97958098dceda2d4b1cf5c745e
Size/MD5 checksum: 277776 c961fda294d68a2e51f605441c077f66
Size/MD5 checksum: 277074 4b4f96d43707aff7f2566429d8ef7efa
Size/MD5 checksum: 275952 f0fe08af81997db663d8e617075f66e8
Size/MD5 checksum: 50936 8ebb41c54438c6d952f841fd5e7dfa5b
Size/MD5 checksum: 50994 8d810286dedfb3733a85cf546d29a440
Size/MD5 checksum: 269096 d0daac8a6a46d52dc7e77d1eb81e410a
Size/MD5 checksum: 275854 8660de8170a4bb5fdf475b5a0cc74206
Size/MD5 checksum: 3051096 e60e00f9d41854bfba39fd91a285d071
Size/MD5 checksum: 274500 8785bcd9051ce0a09530a3cd853276d8
Size/MD5 checksum: 274308 07142e47b9e89767c577aaf0f7616bfd
Size/MD5 checksum: 3145454 ad4083e2b92c9519d6faff8f27fcd778
Size/MD5 checksum: 269466 6d91c72b916c6adf77c3e36dfc13c35f
Size/MD5 checksum: 3167544 719e11c2137303882aaa17857fa9c1e7
Size/MD5 checksum: 270048 273d4828e07cb65577f49c9f99fefe30
Size/MD5 checksum: 16170472 156df9018bb9cf1d60acf11da0dc8906
Size/MD5 checksum: 16319626 d0138f70da473b8f8c41402a0b836736
Size/MD5 checksum: 16385140 ef468894c4c90f6dea97cb69172ea168
Size/MD5 checksum: 16816552 da48174b5c23b60e9006fe7ba9ae3108
Size/MD5 checksum: 16450872 d27820e6be19287cc54a076de377df0a
Size/MD5 checksum: 16358526 bcf501a714d81b30247eae6e9f12f0ed
Size/MD5 checksum: 16488842 e0b8a37b009ea3f541a69ede9363fd3f
Size/MD5 checksum: 1296438 29c84f2d63128c92f8d12143557682be
Size/MD5 checksum: 1323614 5d7aca4a7c95b246924a1b01b9605acf
Size/MD5 checksum: 14258626 3a9dbe277a1e5acef334f545b3b7c969
Size/MD5 checksum: 14272316 fc4bda5ae29218e479169eedf18ee883
Size/MD5 checksum: 50920 140a510970c614920108bd4b91d03254
Size/MD5 checksum: 50932 51696902bfbb40bd028148c0cd426c61
Intel IA-64 architecture:
Size/MD5 checksum: 3078660 cd0b4c38cfd220ad24931447bc523c10
Size/MD5 checksum: 50944 3014173e9aa751c0dbc632f0130116a2
Size/MD5 checksum: 50966 3109b9df0c3a19e6f0a195887e8b8ddd
Size/MD5 checksum: 251958 bd38da689cc65f7b9deef7fc3a079735
Size/MD5 checksum: 251842 42d0e8fb18f6ad667ec7ef1e2a6cb87a
Size/MD5 checksum: 28007304 cc75ba0a8fe7b8326e3270408c1c3840
Size/MD5 checksum: 28177892 529c24f23f7c1aacf71656dd7b43ec55
Big endian MIPS architecture:
Size/MD5 checksum: 3346650 8e794572557cc5fb298790ae9dd4d73d
Size/MD5 checksum: 50940 6eb3f44a69be6bbb5f641fe7c9b65d76
Size/MD5 checksum: 50988 5b43acb9b1b1c0c9828e436350c9ae14
Size/MD5 checksum: 146208 09c3632adf6012a27f03fa05c7eeb0f4
Size/MD5 checksum: 156878 e847a3100fbb0609837424eb38b6f4c5
Size/MD5 checksum: 161260 9bd90ae1b01eb2c5ea06ca5a8229d3b7
Size/MD5 checksum: 179732 1d72924cb5bf081900046818e740a55c
Size/MD5 checksum: 179460 5c1366a589406ef7cece065dc5824cfd
Size/MD5 checksum: 6090784 29c9546bbd50ca0bda2ffbbcb46cd0e0
Size/MD5 checksum: 8272214 b593ff7e6f323b066d78cf1396c42ab9
Size/MD5 checksum: 9038058 03917d37e0f845dfccb1170dab1114e9
Size/MD5 checksum: 15636424 b40804614834ee86756bd279992eccc7
Size/MD5 checksum: 15608880 dde30bcf5bc1bb91ab12c19c89d320c5
Little endian MIPS architecture:
Size/MD5 checksum: 3346850 462fd3ec6168ae6109890977f488af47
Size/MD5 checksum: 50944 cd30eaed077c66f3bdcc55d57d9588af
Size/MD5 checksum: 50998 351d58c3c33fe23a4de3d44bd781a2c8
Size/MD5 checksum: 146350 248d8bc63d0457b935ef105dce08902a
Size/MD5 checksum: 152528 e6896b82f477abc7a79360ad7cec97d6
Size/MD5 checksum: 152606 5d0e3c4c7043e24ef199dfa9b789bbdb
Size/MD5 checksum: 175300 f162ba0598e2e29037353ddad6053171
Size/MD5 checksum: 179676 7a561f0067dd1c89cac45ae7c15584b7
Size/MD5 checksum: 179470 d753400358c2710f8fd5fbcb23601a46
Size/MD5 checksum: 6025714 65184bf5ee2fa1f6d4f4ea34c1e14f8d
Size/MD5 checksum: 5938072 5d3ef9327674cb2e55435d6b469f63fc
Size/MD5 checksum: 5921696 6aea1f4776b92db090fcdee828f4953e
Size/MD5 checksum: 9857632 3e6ef62417484887aacb56784a95f3ad
Size/MD5 checksum: 15053652 7bc7203cdebf3282d4dbafa825cfc5a9
Size/MD5 checksum: 15020522 1fcf23a65eb5d835dd07ce4d9ce0c13a
PowerPC architecture:
Size/MD5 checksum: 3389080 e9bce0707b794703b1c49ee18025c91d
Size/MD5 checksum: 50946 b6f1ab01d7fb27d1b30334d29940a141
Size/MD5 checksum: 50988 5fde45bf4d33780f4112e6f4db99625c
Size/MD5 checksum: 248218 36fe6d8e70a671468e8c538f4dc1290f
Size/MD5 checksum: 226390 720cd0a623d616632372f880bc3d0af7
Size/MD5 checksum: 248582 833f02e5501e18bbe0d9fbcf756d05b5
Size/MD5 checksum: 248700 721bc909d03a7dcbc4fd5c357455ca3c
Size/MD5 checksum: 243200 cfe2245eee5948c8f93e9701d77d9aac
Size/MD5 checksum: 3411446 833f6deb7733fedc0831934852cb391f
Size/MD5 checksum: 248562 84ce06dcfd3be86abfcc2a96ee6cc91e
Size/MD5 checksum: 249688 d43c75b5c92ec4ea42cefaf7eb602464
Size/MD5 checksum: 16623846 9ecf11d7decd2812dccf58cc7fd69fbf
Size/MD5 checksum: 15150576 c935b5932b7cc40c240f21bacd1b76c1
Size/MD5 checksum: 16960694 d547274742afc3df332d0314ca5a8a0b
Size/MD5 checksum: 18291500 19328b3d29114000c85a5f4828bc3b45
Size/MD5 checksum: 16397134 028d5aa143c4ab4e93f7aec862d99b74
Size/MD5 checksum: 17008536 19142d786ad597f2e0d2373a9337d7f4
Size/MD5 checksum: 18341688 92e65b411dfed7c80b16158554161108
IBM S/390 architecture:
Size/MD5 checksum: 2939860 b74255932d2a7896dd12ce12e37e5647
Size/MD5 checksum: 50938 6103a4197c459acc0472f6fcd3b78c10
Size/MD5 checksum: 50960 ed6675b16e70a49329037c8b52a098f1
Size/MD5 checksum: 139452 e5865441db3b6ae8565590ea904cfea0
Size/MD5 checksum: 139716 da657eeef5bcded8f616b8135f77f235
Size/MD5 checksum: 2962892 ca307878f35f08aac93cbd26eed371ce
Size/MD5 checksum: 140640 5b9797358eca5a5639f4a71b0c09c03c
Size/MD5 checksum: 5398934 45929ef35c681a89807c22a70874cc45
Size/MD5 checksum: 1435428 3284f9407eba0721c3a1d9e297225aca
Size/MD5 checksum: 5613996 794c4db163d4f545b787521ee4c839b0
Size/MD5 checksum: 5659716 3b9b4ade41389b053f8eeec9a50562b1
Sun Sparc architecture:
Size/MD5 checksum: 3164954 d2d25e0954c941e85cdf90612dad604d
Size/MD5 checksum: 50938 bf6268ea0c0b06952c13c6387af8637f
Size/MD5 checksum: 50968 c262724ca9ce05e1b4f42fdedbc4e6ed
Size/MD5 checksum: 162188 59ec2dcbfb31fde4e7a0688bd83864f8
Size/MD5 checksum: 191242 9c22fc4bfe5283e4483ce1f7f7fefeb4
Size/MD5 checksum: 191966 1a49adafe7e10c27fbb6ffa19d1a2cfc
Size/MD5 checksum: 3187272 26645d4265edaafba9e0fac1996d1726
Size/MD5 checksum: 192404 8a32387b7650d9eaa15006dd4fd92dc3
Size/MD5 checksum: 6406398 e923dabb20729d315f7446eef4040133
Size/MD5 checksum: 10352346 b20befc67997825374f1579af134f125
Size/MD5 checksum: 10610528 a858d25bf4ab21f1713bf90c49e6ebc4
Size/MD5 checksum: 10656406 5d17c4174538585c99f970bcc8eb2688
These files will probably be moved into the stable distribution on
its next update.
- --------------------------------------------------------------------------------- iD8DBQFG2KV1huANDBmkLRkRApffAJ4iB45UKgg0kMlJj5vDfzBvfxfwFwCfe+Wz
For apt-get: deb http://security.debian.org/ etch/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/etch/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
7gAkXIkNk/kXpmHQ3AOo76g=
=xlTz
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org