1347 matches found
[SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities
Debian Security Advisory DSA-1800-1 [email protected] http://www.debian.org/security/ dann frazier May 15, 2009 http://www.debian.org/security/faq...
Design/Logic Flaw
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420...
Buffer overflow
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which...
Code injection
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets...
CVE-2006-7197
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory...
Integer overflow
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991...
CVE-2007-1375
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991...
CVE-2006-1588
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory...
Design/Logic Flaw
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of...
CVE-2006-1343
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of...
CVE-2006-0457
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies t...
CVE-2005-1406
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory...
CVE-2004-1038
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: th...
CVE-2005-0176
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released...
CVE-2004-1070
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary...