diff options
author | dann frazier <dannf@debian.org> | 2012-01-15 18:42:16 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2012-01-15 18:42:16 +0000 |
commit | 2a437eaa414d5c83545191b7625ce30c660f2a8c (patch) | |
tree | bd41bf8aa4431f51fd757af418fb0cf1bc1c9f6c /dsa-texts/2.6.32-39squeeze1 | |
parent | 2902593a234afc576c2cc02741fa55ea52c6dcb6 (diff) |
add new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2598 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-39squeeze1')
-rw-r--r-- | dsa-texts/2.6.32-39squeeze1 | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-39squeeze1 b/dsa-texts/2.6.32-39squeeze1 new file mode 100644 index 00000000..1bde5d3e --- /dev/null +++ b/dsa-texts/2.6.32-39squeeze1 @@ -0,0 +1,97 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +January XX, 2012 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353 + CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611 + CVE-2011-4622 CVE-2011-4914 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a denial of service or privilege escalation. The Common Vulnerabilities and +Exposures project identifies the following problems: + +CVE-2011-2183 + + Andrea Righi reported an issue in KSM, a memory-saving de-duplication + feature. By exploiting a race with exiting tasks, local users can cause + a kernel oops, resulting in a denial of service. + +CVE-2011-2213 + + Dan Rosenberg discovered an issue in the INET socket monitoring interface. + Local users could cause a denial of service by injecting code and causing + the kernel to execute an infinite loop. + +CVE-2011-2898 + + Eric Dumazet reported an information leak in the raw packet socket + implementation. + +CVE-2011-3353 + + Han-Wen Nienhuys reported a local denial of service issue issue in the FUSE + (Filesystem in Userspace) support in the linux kernel. Local users could + cause a buffer overflow, leading to a kernel oops and resulting in a denial + of service. + +CVE-2011-4077 + + Carlos Maiolino reported an issue in the XFS filesystem. A local user + with the ability to mount a filesystem could corrupt memory resulting + in a denial of service or possibly gain elevated privileges. + +CVE-2011-4110 + + David Howells reported an issue in the kernel's access key retention + system which allow local users to cause a kernel oops leading to a denial + of service. + +CVE-2011-4127 + + Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough + support for SCSI devices. Users with permission to access restricted + portions of a device (e.g. a partition or a logical volume) can obtain + access to the entire device by way of the SG_IO ioctl. This could be + exploited by a local user or privileged VM guest to achieve a privilege + escalation. + +CVE-2011-4611 + + Maynard Johnson reported an issue with the perf support on POWER7 systems + that allows local users to cause a denial of service. + +CVE-2011-4622 + + Jan Kiszka reported an issue in the KVM PIT timer support. Local users + with the permission to use KVM can cause a denial of service by starting + a PIT timer without first setting up the irqchip. + +CVE-2011-4914 + + Ben Hutchings reported various bounds checking issues within the ROSE + protocol support in the kernel. Remote users could possibly use this + to gain access to sensitive memory or cause a denial of service. + +For the stable distribution (squeeze), this problem has been fixed in version +2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution +(lenny) will be available soon. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 6.0 (squeeze) + user-mode-linux 2.6.32-1um-4+39squeeze1 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |