diff options
author | dann frazier <dannf@debian.org> | 2013-02-24 22:44:21 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2013-02-24 22:44:21 +0000 |
commit | 7ac4339f1c5e673d4e452fc50547cb8ac6b42e55 (patch) | |
tree | e21dc9e8751b303ed100a1ad0f752ef4e39b8d41 /dsa-texts/2.6.32-48squeeze1 | |
parent | e2c7b8f21058a516bcdc5a8450338048fde6abee (diff) |
new text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2818 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze1')
-rw-r--r-- | dsa-texts/2.6.32-48squeeze1 | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-48squeeze1 b/dsa-texts/2.6.32-48squeeze1 new file mode 100644 index 00000000..c0800942 --- /dev/null +++ b/dsa-texts/2.6.32-48squeeze1 @@ -0,0 +1,46 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +February 25, 2013 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2013-0231 CVE-2013-0871 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a denial of service or privilege escalation. The Common Vulnerabilities and +Exposures project identifies the following problems: + +CVE-2013-0231 + + Jan Beulich provided a fix for an issue in the Xen PCI backend drivers. + Users of guests on a system using passed-through PCI devices can create + a denial of service of the host system due to the use of non-ratelimited + kernel log messages. + +CVE-2013-0871 + + Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin + and Michael Davidson of Google, discovered an issue in the + ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users + can cause kernel stack corruption and execution of arbitrary code. + +For the stable distribution (squeeze), this problem has been fixed in version +2.6.32-48squeeze1. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 6.0 (squeeze) + user-mode-linux 2.6.32-1um-4+48squeeze1 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |