Debian Security Advisory

DSA-1436-1 linux-2.6 -- several vulnerabilities

Date Reported:
20 Dec 2007
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2006-6058, CVE-2007-5966, CVE-2007-6063, CVE-2007-6206.
More information:

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2006-6058

    LMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem.

  • CVE-2007-5966

    Warren Togami discovered an issue in the hrtimer subsystem that allows a local user to cause a DoS (soft lockup) by requesting a timer sleep for a long period of time leading to an integer overflow.

  • CVE-2007-6063

    Venustech AD-LAB discovered a buffer overflow in the isdn ioctl handling, exploitable by a local user.

  • CVE-2007-6206

    Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information.

  • CVE-2007-6417

    Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash).

These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch6.

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

  Debian 4.0 (etch)
fai-kernels 1.17+etch.13etch6
user-mode-linux 2.6.18-1um-2etch.13etch6

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.