Debian: New Linux 2.6.18 packages fix several vulnerabilities
Posted by Benjamin D. Thomas   
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the problems listed below.

--------------------------------------------------------------------------
Debian Security Advisory DSA 1356-1                                         Dann Frazier
August 15th, 2007
--------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525
                 CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


    Ilja van Sprundel discovered that kernel memory could be leaked via the
    Bluetooth setsockopt call due to an uninitialized stack buffer. This
    could be used by local attackers to read the contents of sensitive kernel


    Thomas Graf reported a typo in the DECnet protocol handler that could
    be used by a local attacker to overrun an array via crafted packets,
    potentially resulting in a Denial of Service (system crash).
    A similar issue exists in the IPv4 protocol handler and will be fixed
    in a subsequent update.


    A couple of issues with random number generation were discovered.
    Slightly less random numbers resulted from hashing a subset of the
    available entropy. Zero-entropy systems were seeded with the same
    inputs at boot time, resulting in repeatable series of random numbers.


    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
    by releasing a socket before PPPIOCGCHAN is called upon it. This could
    be used by a local user to DoS a system by consuming all available memory.


    Vilmos Nebehaj discovered a NULL pointer dereference condition in the
    netfilter subsystem. This allows remote systems which communicate using
    the SCTP protocol to crash a system by creating a connection with an
    unknown chunk type.


    Oliver Neukum reported an issue in the usblcd driver which, by not
    limiting the size of write buffers, permits local users with write access
    to trigger a DoS by consuming all available memory.


    Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of
    range checking may lead to NULL pointer dereferences. Remote attackers
    could exploit this to create a DoS condition (system crash).


    Wojciech Purczynski discovered that pdeath_signal was not being reset
    properly under certain conditions which may allow local users to gain
    privileges by sending arbitrary signals to suid binaries.

    Dave Airlie reported that Intel 965 and above chipsets have relocated
    their batch buffer security bits. Local X server users may exploit this
    to write user data to arbitrary physical memory addresses.
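
The Bluetooth setsockopt item above describes a common bug class: a stack structure is only partly filled from the caller's buffer, then stored where it can be read back. The following user-space model is an added example, not kernel code and not part of the advisory; the struct, the function names and the sample bytes are hypothetical, and the stale stack contents are simulated with an explicit buffer so the result is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical option block (2+2+2+1+1 = 8 bytes, no implicit padding). */
struct opts { uint16_t omtu, imtu, flush_to; uint8_t mode, fcs; };
struct sock_state { struct opts saved; };

/* Stand-in for a stack slot that still holds bytes from an earlier call.
 * Reading a truly uninitialised local is undefined behaviour, so the
 * stale contents are made explicit here. */
static unsigned char stale_stack[sizeof(struct opts)];

static size_t clamp_len(size_t n)
{ return n < sizeof(struct opts) ? n : sizeof(struct opts); }

/* VULNERABLE pattern: the local is only partly overwritten by the caller's
 * short buffer, then stored whole where a later "get" can return it. */
void set_opts_vulnerable(struct sock_state *sk, const void *optval, size_t optlen)
{
    struct opts o;
    memcpy(&o, stale_stack, sizeof(o));   /* models "never initialised" */
    memcpy(&o, optval, clamp_len(optlen));
    sk->saved = o;
}

/* HARDENED pattern: start from known state, then apply the partial update. */
void set_opts_fixed(struct sock_state *sk, const void *optval, size_t optlen)
{
    struct opts o = sk->saved;
    memcpy(&o, optval, clamp_len(optlen));
    sk->saved = o;
}

/* Sets a 2-byte option, reads the block back, and counts how many bytes
 * of the stale data are returned to the caller. */
size_t leaked_bytes(int use_fixed)
{
    static const unsigned char secret[sizeof(struct opts)] =
        {'K','3','Y','B','Y','T','E','S'};          /* constructed sample */
    struct sock_state sk;
    uint16_t omtu = 672;
    unsigned char out[sizeof(struct opts)];
    size_t i, n = 0;
    memset(&sk, 0, sizeof(sk));
    memcpy(stale_stack, secret, sizeof(stale_stack));
    if (use_fixed) set_opts_fixed(&sk, &omtu, sizeof(omtu));
    else           set_opts_vulnerable(&sk, &omtu, sizeof(omtu));
    memcpy(out, &sk.saved, sizeof(out));  /* what a "get" call would return */
    for (i = sizeof(omtu); i < sizeof(out); i++)
        n += (out[i] == secret[i]);
    return n;
}

int main(void) { printf("%zu %zu\n", leaked_bytes(0), leaked_bytes(1)); return 0; }
```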

These problems have been fixed in the stable distribution in version 

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 4.0 (etch)
     fai-kernels                 1.17+etch4
     user-mode-linux             2.6.18-1um-2etch3

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb etch/updates main
For dpkg-ftp: dists/etch/updates/main
Mailing list: