diff options
author | Micah Anderson <micah@debian.org> | 2011-05-23 17:12:06 +0000 |
---|---|---|
committer | Micah Anderson <micah@debian.org> | 2011-05-23 17:12:06 +0000 |
commit | 5d7c71a4865d7d6e14a7b9733d346eef92f3f0c5 (patch) | |
tree | acbc116b5c7993125067ed034a70812c110838f6 | |
parent | 0f2076fd16c2ce37e219a7d1a402816a93f1eb53 (diff) |
a couple fixes
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2326 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | dsa-texts/2.6.32-34squeeze1 | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/dsa-texts/2.6.32-34squeeze1 b/dsa-texts/2.6.32-34squeeze1 index 9f0be9f1..b4a4463b 100644 --- a/dsa-texts/2.6.32-34squeeze1 +++ b/dsa-texts/2.6.32-34squeeze1 @@ -128,24 +128,24 @@ CVE-2011-1476 Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect - official Debian Linux packages as they no longer provide support for OSS. - However, custom kernels built from Debians linux-source-2.6.32 may have - enabled this configuration and would therefore be vulnerable. + official Debian Linux image packages as they no longer provide support for + OSS. However, custom kernels built from Debians linux-source-2.6.32 may + have enabled this configuration and would therefore be vulnerable. CVE-2011-1477 - Dan Rosenberg reported issues in the Open Sound System driver for cards - that include a Yamaha FM synthesizer chip. Local users can cause memory + Dan Rosenberg reported issues in the Open Sound System driver for cards that + include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect - official Debian Linux packages as they no longer provide support for OSS. - However, custom kernels built from Debians linux-source-2.6.32 may have - enabled this configuration and would therefore be vulnerable. + official Debian Linux image packages as they no longer provide support for + OSS. However, custom kernels built from Debians linux-source-2.6.32 may + have enabled this configuration and would therefore be vulnerable. CVE-2011-1478 Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in the Linux networking subsystem. If an interface has GRO enabled and - is running in permiscuous mode, remote users can cause a denial of + is running in promiscuous mode, remote users can cause a denial of service (NULL pointer dereference) by sending packets on an unknown VLAN. @@ -165,11 +165,11 @@ CVE-2011-1494 CVE-2011-1495 - Dan Rosenberg reported two issues in the /dev/mpt2ctl interface provided - by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can - obtain elevated privileges and ready arbitrary kernel memory by using - specially crafted ioctl calls. On default Debian installations this - is not exploitable as this interface is only accessible to root. + Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface + provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users + can obtain elevated privileges and ready arbitrary kernel memory by using + specially crafted ioctl calls. On default Debian installations this is not + exploitable as this interface is only accessible to root. CVE-2011-1585 |