author: dann frazier <dannf@debian.org> 2012-03-26 04:05:05 +0000
committer: dann frazier <dannf@debian.org> 2012-03-26 04:05:05 +0000
commit: 08f6e945e7080828b56a2bd16690cbe7bc3be403
tree: 16497962ee03265d93e996ce5383088ffdb948de /dsa-texts/2.6.32-41squeeze2
parent: b678d77eae14318b25f0ada207385fad6afcc064
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2653 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-41squeeze2')
-rw-r--r-- dsa-texts/2.6.32-41squeeze2 69
1 files changed, 69 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-41squeeze2 b/dsa-texts/2.6.32-41squeeze2
new file mode 100644
index 00000000..08d32413
--- /dev/null
+++ b/dsa-texts/2.6.32-41squeeze2
@@ -0,0 +1,69 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security@debian.org
+http://www.debian.org/security/ Dann Frazier
+March XX, 2012 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service/information leak
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2009-4307 CVE-2011-1833 CVE-2011-4127 CVE-2011-4347
+ CVE-2012-0045 CVE-2012-1090 CVE-2012-1097
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2009-4307
+
+ Nageswara R Sastry reported an issue in the ext4 filesystem. Local users
+ with the privileges to mount a filesystem can cause a denial of service
+ (BUG) by providing a s_log_groups_per_flex value greater than 31.
+
+CVE-2011-1833
+
+ Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information
+ leak in the eCryptfs filesystem. Local users were able to mount arbitrary
+ directories.
+
+CVE-2011-4347
+
+ Sasha Levin reported an issue in the device assignment functionality
+ in KVM. Local users with permission to access /dev/kvm could assign
+ unused pci devices to a guest and cause a denial of service (crash).
+
+CVE-2012-0045
+
+ Stephan Barwolf reported an issue in KVM. Local users in a 32-bit
+ guest running on a 64-bit system can crash the guest with a syscall
+ instruction.
+
+CVE-2012-1090
+
+ CAI Qian reported an issue in the CIFS filesystem. A reference count
+ leak can occur during the lookup of special files, resulting in a
+ denial of service (oops) on umount.
+
+CVE-2012-1097
+
+ H. Peter Anvin reported an issue in the regset infrastructure. Local
+ users can cause a denial of service (NULL pointer dereference) by
+ triggering the write methods of readonly regsets.
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-41squeeze2.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 6.0 (squeeze)
+ user-mode-linux 2.6.32-1um-4+41squeeze2
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org
