Several security-related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2004-2660
Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that allows local users to cause a denial of service.
CVE-2005-4798
A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.
CVE-2006-1052
Stephen Smalley discovered a bug in the SELinux ptrace handling that allows local users with ptrace permissions to change the tracer SID to the SID of another process.
CVE-2006-1343
Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace.
CVE-2006-1528
Douglas Gilbert reported a bug in the sg driver that allows local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory-mapped I/O space.
CVE-2006-1855
Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service.
CVE-2006-1856
Kostik Belousov discovered a missing LSM file_permission check in the readv and writev functions which might allow attackers to bypass intended access restrictions.
CVE-2006-2444
Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.
CVE-2006-2446
A race condition in the socket buffer handling allows remote attackers to cause a denial of service.
CVE-2006-2935
Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD or USB storage device to execute arbitrary code.
CVE-2006-2936
A bug in the serial USB driver has been discovered that could be exploited by a custom-made USB serial adapter to consume arbitrary amounts of memory.
CVE-2006-3468
James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet.
CVE-2006-3745
Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.
CVE-2006-4093
Olof Johansson discovered that the kernel did not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service.
CVE-2006-4145
A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service.
CVE-2006-4535
David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.
The following matrix shows which kernel version fixes the problems mentioned above on each architecture:
                               stable (sarge)
Source                         2.6.8-16sarge5
Alpha architecture             2.6.8-16sarge5
AMD64 architecture             2.6.8-16sarge5
HP Precision architecture      2.6.8-6sarge5
Intel IA-32 architecture       2.6.8-16sarge5
Intel IA-64 architecture       2.6.8-14sarge5
Motorola 680x0 architecture    2.6.8-4sarge5
PowerPC architecture           2.6.8-12sarge5
IBM S/390                      2.6.8-5sarge5
Sun Sparc architecture         2.6.8-15sarge5
FAI                            1.9.1sarge4
Due to some internal problems, kernel packages for the S/390 are missing and will be provided later.
For the unstable distribution (sid) these problems have been fixed in version 2.6.18-1.
We recommend that you upgrade your kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.
Upgrade Instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
--------------------------------