CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. This update also fixes a regression in the smbfs subsystem which was introduced in DSA-1233 which caused symlinks to be interpreted as regular files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4811 David Gibson reported an issue in the hugepage code which could permit a local DoS (system crash) on appropriately configured systems. CVE-2006-4814 Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling. CVE-2006-4623 Ang Way Chuang reported a remote DoS (crash) in the dvb driver which can be triggered by a ULE package with an SNDU length of 0. CVE-2006-5753 Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad. CVE-2006-5754 Darrick Wong discovered a local DoS (crash) vulnerability resulting from the incorrect initialization of nr_pages in aio_setup_ring(). CVE-2006-5757 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted iso9660 filesystem. CVE-2006-6053 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem. CVE-2006-6056 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted hfs filesystem on systems with SELinux hooks enabled (Debian does not enable SELinux by default). CVE-2006-6060 LMH reported a potential local DoS (infinite loop) which could be exploited by a malicious user with the privileges to mount and read a corrupted NTFS filesystem. CVE-2006-6106 Marcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code. CVE-2006-6535 Kostantin Khorenko discovered an invalid error path in dev_queue_xmit() which could be exploited by a local user to cause data corruption. CVE-2007-0958 Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to CVE-2004-1073. CVE-2007-1357 Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame. CVE-2007-1592 Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops). The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.1 (sarge) Source 2.6.8-16sarge7 Alpha architecture 2.6.8-16sarge7 AMD64 architecture 2.6.8-16sarge7 HP Precision architecture2.6.8-6sarge7 Intel IA-32 architecture2.6.8-16sarge7 Intel IA-64 architecture2.6.8-14sarge7 Motorola 680x0 architecture2.6.8-4sarge7 PowerPC architecture2.6.8-12sarge7 IBM S/390 architecture2.6.8-5sarge7 Sun Sparc architecture2.6.8-15sarge7 We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.
CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
This update also fixes a regression in the smbfs subsystem which was introduced in DSA-1233 which caused symlinks to be interpreted as regular files.
The Common Vulnerabilities and Exposures project identifies the following problems:
David Gibson reported an issue in the hugepage code which could permit a local DoS (system crash) on appropriately configured systems.
Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling.
Ang Way Chuang reported a remote DoS (crash) in the dvb driver which can be triggered by a ULE package with an SNDU length of 0.
Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.
Darrick Wong discovered a local DoS (crash) vulnerability resulting from
the incorrect initialization of nr_pages
in aio_setup_ring().
LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted iso9660 filesystem.
LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.
LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted hfs filesystem on systems with SELinux hooks enabled (Debian does not enable SELinux by default).
LMH reported a potential local DoS (infinite loop) which could be exploited by a malicious user with the privileges to mount and read a corrupted NTFS filesystem.
Marcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code.
Kostantin Khorenko discovered an invalid error path in dev_queue_xmit() which could be exploited by a local user to cause data corruption.
Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to CVE-2004-1073.
Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame.
Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops).
The following matrix explains which kernel version for which architecture fix the problems mentioned above:
Debian 3.1 (sarge) | |
---|---|
Source | 2.6.8-16sarge7 |
Alpha architecture | 2.6.8-16sarge7 |
AMD64 architecture | 2.6.8-16sarge7 |
HP Precision architecture | 2.6.8-6sarge7 |
Intel IA-32 architecture | 2.6.8-16sarge7 |
Intel IA-64 architecture | 2.6.8-14sarge7 |
Motorola 680x0 architecture | 2.6.8-4sarge7 |
PowerPC architecture | 2.6.8-12sarge7 |
IBM S/390 architecture | 2.6.8-5sarge7 |
Sun Sparc architecture | 2.6.8-15sarge7 |
We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.
MD5 checksums of the listed files are available in the original advisory.