Package : kernel-source-2.6.8 et. al. Vulnerability : race condition Problem-Type : local Debian-specific: no CVE ID : CVE-2006-3625
It was discovered that a race condition in the process filesystem can lead to privilege escalation.
The following matrix explains which kernel version for which architecture fixes the problem mentioned above:
Debian 3.1 (sarge) Source 2.6.8-16sarge4 Alpha architecture 2.6.8-16sarge4 AMD64 architecture 2.6.8-12sarge4 Intel IA-32 architecture 2.6.8-16sarge4 Intel IA-64 architecture 2.6.8-14sarge4 PowerPC architecture 2.6.8-12sarge4 Sun Sparc architecture 2.6.8-15sarge4 IBM S/390 2.6.8-5sarge4 Motorola 680x0 2.6.8-4sarge4 HP Precision 2.6.8-6sarge3 FAI 1.9.1sarge3
The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.
Upgrade Instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - --------------------------------