author dann frazier <dannf@debian.org> 2012-01-15 18:42:16 +0000
committer dann frazier <dannf@debian.org> 2012-01-15 18:42:16 +0000
commit 2a437eaa414d5c83545191b7625ce30c660f2a8c
tree bd41bf8aa4431f51fd757af418fb0cf1bc1c9f6c /dsa-texts/2.6.32-39squeeze1
parent 2902593a234afc576c2cc02741fa55ea52c6dcb6
add new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2598 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-39squeeze1')
-rw-r--r-- dsa-texts/2.6.32-39squeeze1 97
1 files changed, 97 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-39squeeze1 b/dsa-texts/2.6.32-39squeeze1
new file mode 100644
index 00000000..1bde5d3e
--- /dev/null
+++ b/dsa-texts/2.6.32-39squeeze1
@@ -0,0 +1,97 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security@debian.org
+http://www.debian.org/security/ Dann Frazier
+January XX, 2012 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service/information leak
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353
+ CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611
+ CVE-2011-4622 CVE-2011-4914
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2011-2183
+
+ Andrea Righi reported an issue in KSM, a memory-saving de-duplication
+ feature. By exploiting a race with exiting tasks, local users can cause
+ a kernel oops, resulting in a denial of service.
+
+CVE-2011-2213
+
+ Dan Rosenberg discovered an issue in the INET socket monitoring interface.
+ Local users could cause a denial of service by injecting code and causing
+ the kernel to execute an infinite loop.
+
+CVE-2011-2898
+
+ Eric Dumazet reported an information leak in the raw packet socket
+ implementation.
+
+CVE-2011-3353
+
+ Han-Wen Nienhuys reported a local denial of service issue issue in the FUSE
+ (Filesystem in Userspace) support in the linux kernel. Local users could
+ cause a buffer overflow, leading to a kernel oops and resulting in a denial
+ of service.
+
+CVE-2011-4077
+
+ Carlos Maiolino reported an issue in the XFS filesystem. A local user
+ with the ability to mount a filesystem could corrupt memory resulting
+ in a denial of service or possibly gain elevated privileges.
+
+CVE-2011-4110
+
+ David Howells reported an issue in the kernel's access key retention
+ system which allow local users to cause a kernel oops leading to a denial
+ of service.
+
+CVE-2011-4127
+
+ Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough
+ support for SCSI devices. Users with permission to access restricted
+ portions of a device (e.g. a partition or a logical volume) can obtain
+ access to the entire device by way of the SG_IO ioctl. This could be
+ exploited by a local user or privileged VM guest to achieve a privilege
+ escalation.
+
+CVE-2011-4611
+
+ Maynard Johnson reported an issue with the perf support on POWER7 systems
+ that allows local users to cause a denial of service.
+
+CVE-2011-4622
+
+ Jan Kiszka reported an issue in the KVM PIT timer support. Local users
+ with the permission to use KVM can cause a denial of service by starting
+ a PIT timer without first setting up the irqchip.
+
+CVE-2011-4914
+
+ Ben Hutchings reported various bounds checking issues within the ROSE
+ protocol support in the kernel. Remote users could possibly use this
+ to gain access to sensitive memory or cause a denial of service.
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution
+(lenny) will be available soon.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 6.0 (squeeze)
+ user-mode-linux 2.6.32-1um-4+39squeeze1
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org
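Review bot: The opening summary ("may lead to a denial of service or privilege escalation") leaves out the information leak that the "Vulnerability" header line and the CVE-2011-2898 and CVE-2011-4914 entries describe, so the three should be made consistent before this text goes out. The closing paragraph says "this problem has been fixed" although ten CVEs are listed; "these problems have been fixed" matches the rest of the text. Smaller wording points: the CVE-2011-3353 entry has a doubled word ("denial of service issue issue") and a lowercase "linux kernel", and the CVE-2011-4110 entry reads "which allow local users" where "which allows" is needed. The CVE-2011-2898 entry gives no attacker position or impact beyond "an information leak"; one more clause saying who can trigger it would bring it in line with the other entries. The "DSA-XXXX-1" and "January XX, 2012" placeholders in the header still need real values at release time.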
