Hast du die schon eingespielt? Komischer Weise wird mir das Update nicht mehr angeboten, aber /cat/proc/version zeigt noch die alte Kernel-Version an! Oder hast du die Pakete schon eingespielt, aber die Server noch nicht rebootet (was man ja besser auch mal Nachts machen sollte)?
Am Sonntag, den 30.01.2011, 00:42 -0600 schrieb dann frazier: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2153-1 [email protected] > http://www.debian.org/security/ dann frazier > January 30, 2011 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : linux-2.6 > Vulnerability : privilege escalation/denial of service/information leak > Problem type : local/remote > Debian-specific: no > CVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 > CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 > CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 > CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 > CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521 > > Several vulnerabilities have been discovered in the Linux kernel that may lead > to a privilege escalation, denial of service or information leak. The Common > Vulnerabilities and Exposures project identifies the following problems: > > CVE-2010-0435 > > Gleb Napatov reported an issue in the KVM subsystem that allows virtual > machines to cause a denial of service of the host machine by executing mov > to/from DR instructions. > > CVE-2010-3699 > > Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can > cause a denial of service on the host by retaining a leaked reference to a > device. This can result in a zombie domain, xenwatch process hangs, and xm > command failures. > > CVE-2010-4158 > > Dan Rosenberg discovered an issue in the socket filters subsystem, > allowing > local unprivileged users to obtain the contents of sensitive kernel > memory. > > CVE-2010-4162 > > Dan Rosenberg discovered an overflow issue in the block I/O subsystem that > allows local users to map large numbers of pages, resulting in a denial of > service due to invocation of the out of memory killer. > > CVE-2010-4163 > > Dan Rosenberg discovered an issue in the block I/O subsystem. Due to > improper validation of iov segments, local users can trigger a kernel > panic > resulting in a denial of service. > > CVE-2010-4242 > > Alan Cox reported an issue in the Bluetooth subsystem. Local users with > sufficient permission to access HCI UART devices can cause a denial of > service (NULL pointer dereference) due to a missing check for an existing > tty write operation. > > CVE-2010-4243 > > Brad Spengler reported a denial-of-service issue in the kernel memory > accounting system. By passing large argv/envp values to exec, local users > can cause the out of memory killer to kill processes owned by other users. > > CVE-2010-4248 > > Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local > users can cause a denial of service (Oops) due to incorrect assumptions > about thread group leader behavior. > > CVE-2010-4249 > > Vegard Nossum reported an issue with the UNIX socket garbage collector. > Local users can consume all of LOWMEM and decrease system performance by > overloading the system with inflight sockets. > > CVE-2010-4258 > > Nelson Elhage reported an issue in Linux oops handling. Local users may be > able to obtain elevated privileges if they are able to trigger an oops > with > a process' fs set to KERNEL_DS. > > CVE-2010-4342 > > Nelson Elhage reported an issue in the econet protocol. Remote attackers > can > cause a denial of service by sending an Acorn Universal Networking packet > over UDP. > > CVE-2010-4346 > > Tavis Ormandy discovered an issue in the install_special_mapping routine > which allows local users to bypass the mmap_min_addr security restriction. > Combined with an otherwise low severity local denial of service > vulnerability (NULL pointer dereference), a local user could obtain > elevated > privileges. > > CVE-2010-4526 > > Eugene Teo reported a race condition in the Linux SCTP implementation. > Remote users can cause a denial of service (kernel memory corruption) by > transmitting an ICMP unreachable message to a locked socket. > > CVE-2010-4527 > > Dan Rosenberg reported two issues in the OSS soundcard driver. Local users > with access to the device (members of group 'audio' on default Debian > installations) may contain access to sensitive kernel memory or cause a > buffer overflow, potentially leading to an escalation of privileges. > > CVE-2010-4529 > > Dan Rosenberg reported an issue in the Linux kernel IrDA socket > implementation on non-x86 architectures. Local users may be able to gain > access to sensitive kernel memory via a specially crafted > IRLMP_ENUMDEVICES > getsockopt call. > > CVE-2010-4565 > > Dan Rosenberg reported an issue in the Linux CAN protocol implementation. > Local users can obtain the address of a kernel heap object which might > help > facilitate system exploitation. > > CVE-2010-4649 > > Dan Carpenter reported an issue in the uverb handling of the InfiniBand > subsystem. A potential buffer overflow may allow local users to cause a > denial of service (memory corruption) by passing in a large cmd.ne value. > > CVE-2010-4656 > > Kees Cook reported an issue in the driver for I/O-Warrior USB devices. > Local users with access to these devices maybe able to overrun kernel > buffers, resulting in a denial of service or privilege escalation. > > CVE-2010-4668 > > Dan Rosenberg reported an issue in the block subsystem. A local user can > cause a denial of service (kernel panic) by submitting certain 0-length > I/O > requests. > > CVE-2011-0521 > > Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local > users can pass a negative info->num value, corrupting kernel memory and > causing a denial of service. > > For the stable distribution (lenny), this problem has been fixed in > version 2.6.26-26lenny2. > > The following matrix lists additional source packages that were rebuilt for > compatibility with or to take advantage of this update: > > Debian 5.0 (lenny) > user-mode-linux 2.6.26-1um-2+26lenny2 > > We recommend that you upgrade your linux-2.6 and user-mode-linux packages. > > Note that these updates will not become active until after your system is > rebooted. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQIcBAEBCAAGBQJNRQQVAAoJEBv4PF5U/IZAH/4P/RxhngAjXnE7T6V2ReVQ7U0U > qh0NKKHfEUIRmK6v4t3LkKiVTDswArOUtt3JUThs9J/TgLJjQyAIjOAQWk7Hgy6G > 5BNyCkndO5X2Cfl1Q69NhPljpjPD5emyqytw39Q0MyTWQf91DpXz+sgmozij52nk > cR1pl7UcCzUozr5DVgNTOtuRjbgavSiuEXwpfDF9rX7+I+zkLyfs70uH3FcNvK0k > fcl6rFTG25pGGHyEC9uW5VfZ/EKJn1QFlxabwACvxL/sODQtGg7obWFvxYKUSuBh > 7yRfsxOaZeKPco7SLG0aI4JAk7rpRgAkbpPq2/su/LtOXsP67xuus0X1O4scp+eW > PojK7ESyE89GCoVCHEVqh1HjQW3OeBea0j9oLWHe4K0enswcpc2b3MzvOXf0lU53 > hx1QTzMGHcH19a/LDDZ5AtdP2mkxSChOFAvQMBJW0fAu4Dd/w7VxwK2znMg3UnR+ > uRsLlYk75jlKjlZ2Ol1E/KHmW2RP/Msn9HgWxywvMPaFoOcwZhDPUKl+H5uEhux6 > prHCrL70Uo/MwSp6N3u2qH2Rtkk8OK1OdefdMp+/Tn7AHu4FlbqMKI41OFOtLxME > wkXSy//QGPm/pLNOsd4Jp8AtC/2UeHNv1m46GgiCGGvc7fngKIpBgQLst1pgWsjZ > MC+/ZgUkQGUrY/0pi/dN > =wlsd > -----END PGP SIGNATURE----- > > -- Kai Moritz Entwicklung Telefon: 0234/7090883 Mobil: 0176/20504747 E-Mail: [email protected] --------------------------------------------------------- coolibri Büro in Bochum: Telefon: 0234/93737-0 Fax: 0234/93737-99 E-Mail: [email protected] coolibri - Deutschlands meistgelesene Stadtillustrierte, 279.000 Leser pro Ausgabe (AWA 2009) www.coolibri.de - Freizeitverführer Metropole West coolibri, Sponsorpartner von RUHR.2010 Roland Scherer Verlags- und Werbeservice GmbH Ehrenfeldstr. 34 44789 Bochum --------------------------------------------------------- Sitz der Gesellschaft: Bochum Registergericht: Amtsgericht Bochum HRB 3259 Geschäftsführer: Roland Scherer -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/1296394213.8789.1.camel@macbook
