Debians sikkerhedsbulletin
DSA-1927-1 linux-2.6 -- rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse
- Rapporteret den:
- 5. nov 2009
- Berørte pakker:
- linux-2.6
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2009-3228, CVE-2009-3238, CVE-2009-3547, CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3638.
- Yderligere oplysninger:
-
Bemærk: Debian 5.0.4, den næste punktopdatering af Debian
lenny
vil indeholde en ny standardværdi for mmap_min_addr tunable. Ændringen vil give en ekstra sikkerhedsforanstaltning mod en form for sikkerhedssårbarheder kendt somNULL pointer-dereference
-sårbarheder, men den skal overtrumfes når visse applikationer anvendes. Yderligere oplysninger om denne ændring, herunder vejledning i at foretage ændringen lokalt forud for 5.0.4 (anbefalet), findes på: http://wiki.debian.org/mmap_min_addr.Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til lammelsesangreb (denial of service), lækage af følsom hukommelse eller rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har registreret følgende problemer:
- CVE-2009-3228
Eric Dumazet rapporterede om en situation med uinitialiseret kernehukommelse i netværkspakkescheduleren. Lokale brugere kunne måske udnytte problemet til at læse indholdet af følsom kernehukommelse.
- CVE-2009-3238
Linus Torvalds leverede en ændring til funktionen get_random_int() for at forøge dens tilfældighedsgenerering.
- CVE-2009-3547
Earl Chew opdagede et NULL-pointerdereferenceproblem i funktionen pipe_rdwr_open, hvilket kunne anvendes af lokale brugere til at opnå forøgede rettigheder.
- CVE-2009-3612
Jiri Pirko opdagede en slåfejl i initialiseringen af en struktur i netlink-undersystemet, hvilket måske kunne gøre det muligt for lokale brugere at få adgang til følsom kernehukommelse.
- CVE-2009-3620
Ben Hutchings opdagede et problem i DRM-manageren til ATI Rage 128-grafikkort. Lokale brugere kunne måske udnytte sårbarheden til at forårsage et lammelsesangreb (NULL-pointerdereference).
- CVE-2009-3621
Tomoki Sekiyama opdagede en deadlock-tilstand i implementeringen af UNIX-domainsocket. Lokale brugere kunne udnytte sårbarheden til at forårsage et lammelsesangreb (hængende system).
- CVE-2009-3638
David Wagner rapporterede om et overløb i KVM-undersystemet på i386-systemer. Problemet var udnytbart af lokale brugere med adgang til enhedsfilen /dev/kvm.
I den stabile distribution (lenny), er dette problem rettet i version 2.6.26-19lenny2.
I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, blive rettet i opdateringer til linux-2.6 og linux-2.6.24.
Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.
Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer i alle linux-kernepakker i alle udgivelser med aktiv sikkerhedsunderstøttelse. Men med den store mængde sikkerhedsproblemer af lav prioritet, der opdages i kernen og ressourcekravene til at foretage en opdatering taget i betragtning, vil opdateringer til problemer af lavere sikkerhedsprioritet typisk ikke blive udgivet til alle kerner på samme tid. I stedet bliver de opsamlet og udgivet i større klumper.
Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:
Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+19lenny2 - CVE-2009-3228
- Rettet i:
-
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.dsc
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.diff.gz
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-19lenny2_all.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-19lenny2_all.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-19lenny2_all.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-19lenny2_all.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-19lenny2_all.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-19lenny2_all.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-19lenny2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_amd64.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_ia64.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_powerpc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.