CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958
CVE-2007-1357 CVE-2007-1592
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code.
This update also fixes a regression in the smbfs subsystem which was introduced
in DSA-1233
which caused symlinks to be interpreted as regular files.
The Common Vulnerabilities and Exposures project identifies the
following problems:
- CVE-2005-4811
David Gibson reported an issue in the hugepage code which could permit
a local DoS (system crash) on appropriately configured systems.
- CVE-2006-4814
Doug Chapman discovered a potential local DoS (deadlock) in the mincore
function caused by improper lock handling.
- CVE-2006-4623
Ang Way Chuang reported a remote DoS (crash) in the dvb driver which
can be triggered by a ULE package with an SNDU length of 0.
- CVE-2006-5753
Eric Sandeen provided a fix for a local memory corruption vulnerability
resulting from a misinterpretation of return values when operating on
inodes which have been marked bad.
- CVE-2006-5754
Darrick Wong discovered a local DoS (crash) vulnerability resulting from
the incorrect initialization of nr_pages in aio_setup_ring().
- CVE-2006-5757
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted iso9660 filesystem.
- CVE-2006-6053
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext3 filesystem.
- CVE-2006-6056
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted hfs filesystem on
systems with SELinux hooks enabled (Debian does not enable SELinux by
default).
- CVE-2006-6060
LMH reported a potential local DoS (infinite loop) which could be exploited
by a malicious user with the privileges to mount and read a corrupted NTFS
filesystem.
- CVE-2006-6106
Marcel Holtman discovered multiple buffer overflows in the Bluetooth
subsystem which can be used to trigger a remote DoS (crash) and potentially
execute arbitrary code.
- CVE-2006-6535
Kostantin Khorenko discovered an invalid error path in dev_queue_xmit()
which could be exploited by a local user to cause data corruption.
- CVE-2007-0958
Santosh Eraniose reported a vulnerability that allows local users to read
otherwise unreadable files by triggering a core dump while using PT_INTERP.
This is related to CVE-2004-1073.
- CVE-2007-1357
Jean Delvare reported a vulnerability in the appletalk subsystem.
Systems with the appletalk module loaded can be triggered to crash
by other systems on the local network via a malformed frame.
- CVE-2007-1592
Masayuki Nakagawa discovered that flow labels were inadvertently
being shared between listening sockets and child sockets. This defect
can be exploited by local users to cause a DoS (Oops).
The following matrix explains which kernel version for which architecture
fix the problems mentioned above:
|
Debian 3.1 (sarge) |
Source |
2.6.8-16sarge7 |
Alpha architecture |
2.6.8-16sarge7 |
AMD64 architecture |
2.6.8-16sarge7 |
HP Precision architecture |
2.6.8-6sarge7 |
Intel IA-32 architecture |
2.6.8-16sarge7 |
Intel IA-64 architecture |
2.6.8-14sarge7 |
Motorola 680x0 architecture |
2.6.8-4sarge7 |
PowerPC architecture |
2.6.8-12sarge7 |
IBM S/390 architecture |
2.6.8-5sarge7 |
Sun Sparc architecture |
2.6.8-15sarge7 |
We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.