Privacy and Legal Notice

DOE-CIRC TECHNICAL BULLETIN

T-259: Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability

[CVE-2009-2847]

October 27, 2009 13:00 GMT
PROBLEM: The Linux kernel is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
PLATFORM: Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5
ABSTRACT: The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.
LINKS:  
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-259.shtml
  OTHER LINKS: Security Focus
http://www.securityfocus.com/bid/35929/info
  CVE: CVE-2009-2847
IMPACT ASSESSMENT: This risk is medium. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 
[***** Start CVE-2009-2847 *****]
Discussion:
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

Exploit code is available here:
http://downloads.securityfocus.com/vulnerabilities/exploits/35929.c

Solution:
Updates are available, please see below for more information:

Ubuntu Ubuntu Linux 8.10 powerpc

    * Ubuntu linux-doc-2.6.27_2.6.27-15.43_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2 .6.27-15.43_all.deb

    * Ubuntu linux-headers-2.6.27-15_2.6.27-15.43_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 27-15_2.6.27-15.43_all.deb

    * Ubuntu linux-source-2.6.27_2.6.27-15.43_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 7_2.6.27-15.43_all.deb


Ubuntu Ubuntu Linux 9.04 sparc

    * Ubuntu linux-doc-2.6.28_2.6.28-16.55_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2 .6.28-16.55_all.deb

    * Ubuntu linux-headers-2.6.28-16_2.6.28-16.55_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 28-16_2.6.28-16.55_all.deb

    * Ubuntu linux-source-2.6.28_2.6.28-16.55_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 8_2.6.28-16.55_all.deb


Ubuntu Ubuntu Linux 8.10 sparc

    * Ubuntu linux-doc-2.6.27_2.6.27-15.43_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2 .6.27-15.43_all.deb

    * Ubuntu linux-headers-2.6.27-15_2.6.27-15.43_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 27-15_2.6.27-15.43_all.deb

    * Ubuntu linux-source-2.6.27_2.6.27-15.43_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 7_2.6.27-15.43_all.deb


Ubuntu Ubuntu Linux 9.04 lpia

    * Ubuntu block-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.28-16-lpia -di_2.6.28-16.55_lpia.udeb

    * Ubuntu crypto-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb

    * Ubuntu fat-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.28-16-lpia-d i_2.6.28-16.55_lpia.udeb

    * Ubuntu fb-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/fb-modules-2.6.28-16-lpia-di _2.6.28-16.55_lpia.udeb

    * Ubuntu firewire-core-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.28 -16-lpia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu floppy-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb

    * Ubuntu fs-core-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.28-16-lp ia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu fs-secondary-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.28- 16-lpia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu input-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.28-16-lpia -di_2.6.28-16.55_lpia.udeb

    * Ubuntu irda-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

    * Ubuntu kernel-image-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

    * Ubuntu linux-doc-2.6.28_2.6.28-16.55_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2 .6.28-16.55_all.deb

    * Ubuntu linux-headers-2.6.28-16-lpia_2.6.28-16.55_lpia.deb
      http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.28-16-lpia _2.6.28-16.55_lpia.deb

    * Ubuntu linux-headers-2.6.28-16_2.6.28-16.55_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 28-16_2.6.28-16.55_all.deb

    * Ubuntu linux-image-2.6.28-16-lpia_2.6.28-16.55_lpia.deb
      http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.28-16-lpia_2 .6.28-16.55_lpia.deb

    * Ubuntu linux-libc-dev_2.6.28-16.55_lpia.deb
      http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.28-16.55_ lpia.deb

    * Ubuntu linux-source-2.6.28_2.6.28-16.55_all.deb
      http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 8_2.6.28-16.55_all.deb

    * Ubuntu md-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.28-16-lpia-di _2.6.28-16.55_lpia.udeb

    * Ubuntu message-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.28-16-lp ia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu mouse-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.28-16-lpia -di_2.6.28-16.55_lpia.udeb

    * Ubuntu nfs-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.28-16-lpia-d i_2.6.28-16.55_lpia.udeb

    * Ubuntu nic-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.28-16-lpia-d i_2.6.28-16.55_lpia.udeb

    * Ubuntu nic-pcmcia-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.28-16 -lpia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu nic-shared-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.28-16 -lpia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu nic-usb-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.28-16-lp ia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu parport-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.28-16-lp ia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu pata-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

    * Ubuntu pcmcia-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb

    * Ubuntu pcmcia-storage-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.2 8-16-lpia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu plip-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

    * Ubuntu ppp-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.28-16-lpia-d i_2.6.28-16.55_lpia.udeb

    * Ubuntu sata-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

    * Ubuntu scsi-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

    * Ubuntu serial-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb

    * Ubuntu storage-core-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.28- 16-lpia-di_2.6.28-16.55_lpia.udeb

    * Ubuntu usb-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.28-16-lpia-d i_2.6.28-16.55_lpia.udeb

    * Ubuntu virtio-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb
      http://ports.ubuntu.com/pool/main/l/linux/virtio-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb


Debian Linux 4.0 mips

    * Debian linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6 .18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-all-mips_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-all_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb

    * Debian linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual- 2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-d ebian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source- 2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support -2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2. 6.18_2.6.18.dfsg.1-24etch4_all.deb


Debian Linux 4.0 arm

    * Debian linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6 .18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-all-arm_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-all_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers -2.6.18-6_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2 .6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb

    * Debian linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual- 2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-d ebian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source- 2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support -2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2. 6.18_2.6.18.dfsg.1-24etch4_all.deb


Debian Linux 4.0 m68k

    * Debian linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6 .18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual- 2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-d ebian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source- 2.6.18_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support -2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb

    * Debian linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
      http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2. 6.18_2.6.18.dfsg.1-24etch4_all.deb

[***** End CVE-2009-2847 *****]
DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at: 
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov
UCRL-MI-119788