path: root/dsa-texts/2.6.32-48squeeze3
author: dann frazier <dannf@debian.org> 2013-05-14 15:17:08 +0000
committer: dann frazier <dannf@debian.org> 2013-05-14 15:17:08 +0000
commit: df6781129f66cba4e9e8aec3fa3a24481a780213 (patch)
tree: 9f14dc28c2d507f6eb5f2b804bf96b6f2142697e /dsa-texts/2.6.32-48squeeze3
parent: a32d6348b0470dff97bd2b8ccba8f3b0868837a3 (diff)
rename to reflect updated version
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2950 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze3')
-rw-r--r-- dsa-texts/2.6.32-48squeeze3 245
1 files changed, 245 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-48squeeze3 b/dsa-texts/2.6.32-48squeeze3
new file mode 100644
index 00000000..8308ebdd
--- /dev/null
+++ b/dsa-texts/2.6.32-48squeeze3
@@ -0,0 +1,245 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security@debian.org
+http://www.debian.org/security/ Dann Frazier
+May 14, 2013 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service
+Problem type : local
+Debian-specific: no
+CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
+ CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
+ CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
+ CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
+ CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
+ CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
+ CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
+ CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
+ CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2012-2121
+
+ Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
+ mapping of memory slots used in KVM device assignment. Local users with
+ the ability to assign devices could cause a denial of service due to a
+ memory page leak.
+
+CVE-2012-3552
+
+ Hafid Lin reported an issue in the IP network subsystem. A remote user
+ can cause a denial of service (system crash) on servers running
+ applications that set options on sockets which are actively being
+ processed.
+
+CVE-2012-4461
+
+ Jon Howell reported a denial of service issue in the KVM subsystem.
+ On systems that do not support the XSAVE feature, local users with
+ access to the /dev/kvm interface can cause a system crash.
+
+CVE-2012-4508
+CVE-2012-6537
+
+ Mathias Krause discovered information leak issues in the Transformation
+ user configuration interface. Local users with the CAP_NET_ADMIN capability
+ can gain access to sensitive kernel memory.
+
+CVE-2012-6539
+
+ Mathias Krause discovered an issue in the networking subsystem. Local
+ users on 64-bit systems can gain access to sensitive kernel memory.
+
+CVE-2012-6540
+
+ Mathias Krause discovered an issue in the Linux virtual server subsystem.
+ Local users can gain access to sensitive kernel memory. Note: this issue
+ does not affect Debian provided kernels, but may affect custom kernels
+ built from Debian's linux-source-2.6.32 package.
+
+CVE-2012-6542
+
+ Mathias Krause discovered an issue in the LLC protocol support code.
+ Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6544
+
+ Mathias Krause discovered issues in the Bluetooth subsystem.
+ Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6545
+
+ Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6546
+
+ Mathias Krause discovered issues in the ATM networking support. Local
+ users can gain access to sensitive kernel memory.
+
+CVE-2012-6548
+
+ Mathias Krause discovered an issue in the UDF file system support.
+ Local users can obtain access to sensitive kernel memory.
+
+CVE-2012-6549
+
+ Mathias Krause discovered an issue in the isofs file system support.
+ Local users can obtain access to sensitive kernel memory.
+
+CVE-2013-0349
+
+ Anderson Lizardo discovered an issue in the Bluetooth Human Interface
+ Device Protocol (HIDP) stack. Local users can obtain access to sensitive
+ kernel memory.
+
+CVE-2013-0914
+
+ Emese Revfy discovered an issue in the signal implementation. Local
+ users maybe able to bypass the address space layout randomization (ASLR)
+ facility due to a leaking of information to child processes.
+
+CVE-2013-1767
+
+ Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
+ Local users with sufficient privilege to mount filesystems can cause
+ a denial of service or possibly elevated privileges due to a use-after-
+ free defect.
+
+CVE-2013-1773
+
+ Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
+ facility used by the VFAT filesystem. A local user could cause a buffer
+ overflow condition, resulting in a denial of service or potentially
+ elevated privileges.
+
+CVE-2013-1774
+
+ Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
+ in the driver for some serial USB devices from Inside Out Networks.
+ Local users with permission to access these devices can create a denial
+ of service (kernel oops) by causing the device to be removed while it is
+ in use.
+
+CVE-2013-1792
+
+ Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
+ in the access key retention support in the kernel. A local user could
+ cause a denial of service (NULL pointer dereference).
+
+CVE-2013-1796
+
+ Andrew Honig of Google reported an issue in the KVM subsystem. A user in
+ a guest operating system could corrupt kernel memory, resulting in a
+ denial of service.
+
+CVE-2013-1798
+
+ Andrew Honig of Google reported an issue in the KVM subsystem. A user in
+ a guest operating system could cause a denial of service due to a use-
+ after-free defect.
+
+CVE-2013-1826
+
+ Mathias Krause discovered an issue in the Transformation (XFRM) user
+ configuration interface of the networking stack. A user with the
+ CAP_NET_ADMIN capability maybe able to gain elevated privileges.
+
+CVE-2013-1860
+
+ Oliver Neukum discovered an issue in the USB CDC WCM Device Management
+ driver. Local users with the ability to attach devices can cause a
+ denial of service (kernel crash) or potentially gain elevated privileges.
+
+CVE-2013-1928
+
+ Kees Cook provided a fix for an information leak in the
+ VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
+ kernel. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-1929
+
+ Oded Horovitz and Brad Spengler reported an issue in the device driver for
+ Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
+ untrusted devices can create an overflow condition, resulting in a denial
+ of service or elevated privileges.
+
+CVE-2013-2015
+
+ Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
+ users with the ability to mount a specially crafted filesystem can cause
+ a denial of service (infinite loop).
+
+CVE-2013-2634
+
+ Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
+ netlink interface. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3222
+
+ Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
+ protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3223
+
+ Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3224
+
+ Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
+ can gain access to sensitive kernel memory.
+
+CVE-2013-3225
+
+ Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3228
+
+ Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3229
+
+ Mathias Krauss discovered an issue in the IUCV support on s390 systems.
+ Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3231
+
+ Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
+ protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3234
+
+ Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
+ protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3235
+
+ Mathias Krauss discovered an issue in the Transparent Inter Process
+ Communication (TIPC) protocol support. Local users can gain access to
+ sensitive kernel memory.
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-48squeeze3.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 6.0 (squeeze)
+ user-mode-linux 2.6.32-1um-4+48squeeze3
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Thanks to Micah Anderson for proof reading this text.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org
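
Review bot: The CVE-2012-4508 heading has no description of its own; it sits directly above CVE-2012-6537, so the Transformation user configuration interface paragraph reads as covering both. Give CVE-2012-4508 its own entry, or remove the heading if the shared text is not intended. The header also says "Problem type : local" while the CVE-2012-3552 entry describes a remote user causing a system crash, so the problem type should reflect the remote exposure. Smaller points: the reporter is spelled "Mathias Krause" up to CVE-2013-2634 and "Mathias Krauss" from CVE-2013-3222 onward; "maybe able" in the CVE-2013-0914 and CVE-2013-1826 entries should be "may be able"; "DSA-XXXX-1" is still a placeholder; and "this problem has been fixed" should be plural to match the list of issues.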
