Several security related problems have been discovered in the Linux
kernel which may lead to a denial of service or even the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:
Toshihiro Iwamoto discovered a memory leak in the handling of
direct I/O writes that allows local users to cause a denial of
A buffer overflow in NFS readlink handling allows a malicious
remote server to cause a denial of service.
Stephen Smalley discovered a bug in the SELinux ptrace handling
that allows local users with ptrace permissions to change the
tracer SID to the SID of another process.
Pavel Kankovsky discovered an information leak in the getsockopt
system call which can be exploited by a local program to leak
potentially sensitive memory to userspace.
Douglas Gilbert reported a bug in the sg driver that allows local
users to cause a denial of service by performing direct I/O
transfers from the sg driver to memory mapped I/O space.
Mattia Belletti noticed that certain debugging code left in the
process management code could be exploited by a local attacker to
cause a denial of service.
Kostik Belousov discovered a missing LSM file_permission check in
the readv and writev functions which might allow attackers to
bypass intended access restrictions.
Patrick McHardy discovered a bug in the SNMP NAT helper that
allows remote attackers to cause a denial of service.
A race condition in the socket buffer handling allows remote
attackers to cause a denial of service.
Diego Calleja Garcia discovered a buffer overflow in the DVD
handling code that could be exploited by a specially crafted DVD
or USB storage device to execute arbitrary code.
A bug in the serial USB driver has been discovered that could be
exploited by a custom made USB serial adapter to consume arbitrary
amounts of memory.
James McKenzie discovered a denial of service vulnerability in the
NFS driver. When exporting an ext3 file system over NFS, a remote
attacker could exploit this to trigger a file system panic by
sending a specially crafted UDP packet.
Wei Wang discovered a bug in the SCTP implementation that allows
local users to cause a denial of service and possibly gain root
Olof Johansson discovered that the kernel did not disable the HID0
bit on PowerPC 970 processors which could be exploited by a local
attacker to cause a denial of service.
A bug in the Universal Disk Format (UDF) filesystem driver could
be exploited by a local user to cause a denial of service.
David Miller reported a problem with the fix for CVE-2006-3745
that allows local users to crash the system using via an SCTP
socket with a certain SO_LINGER value.
The following matrix explains which kernel version for which
architecture fixes the problem mentioned above:
Alpha architecture 2.6.8-16sarge5
AMD64 architecture 2.6.8-16sarge5
HP Precision architecture 2.6.8-6sarge5
Intel IA-32 architecture 2.6.8-16sarge5
Intel IA-64 architecture 2.6.8-14sarge5
Motorola 680x0 architecture 2.6.8-4sarge5
PowerPC architecture 2.6.8-12sarge5
IBM S/390 2.6.8-5sarge5
Sun Sparc architecture 2.6.8-15sarge5
Due to some internal problems kernel packages for the S/390 are
missing and will be provided later.
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your kernel package and reboot the
machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
will update the internal database
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge