Security Update: Debian Linux Kernel Local / Remote Vulnerabilities

The Debian project today released a pair of security updates to plug at least ten security holes in its core, the Linux kernel. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. This update has been rated as having important security impact.

For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.7. These bugs are not specific to Debian; other distros will also provide updates.

Problem Description

CVE-2008-3528

    Eugene Teo reported a local DoS issue in the ext2 and ext3
    filesystems.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to output error messages in an
    infinite loop.

CVE-2008-4554

    Miklos Szeredi reported that the usage of splice() on files opened
    with O_APPEND allows users to write to the file at arbitrary
    offsets, enabling a bypass of possible assumed semantics of the
    O_APPEND flag.

CVE-2008-4576

    Vlad Yasevich reported an issue in the SCTP subsystem that may
    allow remote users to cause a local DoS by triggering a kernel
    oops.

CVE-2008-4618

    Wei Yongjun reported an issue in the SCTP subsystem that may allow
    remote users to cause a local DoS by triggering a kernel panic.

CVE-2008-4933

    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to overrun a buffer, resulting
    in a system oops or memory corruption.

CVE-2008-4934

    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that results in a kernel oops due to an unchecked
    return value.

CVE-2008-5025

    Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
    Local users who have been granted the privileges necessary to
    mount a filesystem would be able to craft a filesystem with a
    corrupted catalog name length, resulting in a system oops or
    memory corruption.

CVE-2008-5029

    Andrea Bittau reported a DoS issue in the unix socket subsystem
    that allows a local user to cause memory corruption, resulting in
    a kernel panic.

CVE-2008-5134

    Johannes Berg reported a remote DoS issue in the libertas wireless
    driver, which can be triggered by a specially crafted beacon/probe
    response.

CVE-2008-5182

    Al Viro reported race conditions in the inotify subsystem that may
    allow local users to acquire elevated privileges.

CVE-2008-5300

    Dann Frazier reported a DoS condition that allows local users to
    cause the out of memory handler to kill off privileged processes
    or trigger soft lockups due to a starvation issue in the unix
    socket subsystem.

How do I fix this problem?

Simply upgrade your kernel by typing the following commands:
# apt-get update
# apt-get upgrade

Reboot the system:
# reboot

