diff options
| author | dann frazier <dannf@debian.org> | 2013-05-14 15:43:19 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2013-05-14 15:43:19 +0000 |
| commit | e194610f574438949193fe363dcae823b9a0fcb8 (patch) | |
| tree | 2b841dd130600cc1dee815394848d9cbfb57ba1a /dsa-texts/2.6.32-48squeeze3 | |
| parent | df6781129f66cba4e9e8aec3fa3a24481a780213 (diff) | |
various updates
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2951 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze3')
| -rw-r--r-- | dsa-texts/2.6.32-48squeeze3 | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/dsa-texts/2.6.32-48squeeze3 b/dsa-texts/2.6.32-48squeeze3 index 8308ebdd..ded0c364 100644 --- a/dsa-texts/2.6.32-48squeeze3 +++ b/dsa-texts/2.6.32-48squeeze3 @@ -1,12 +1,12 @@ ---------------------------------------------------------------------- -Debian Security Advisory DSA-XXXX-1 security@debian.org +Debian Security Advisory DSA-2668-1 security@debian.org http://www.debian.org/security/ Dann Frazier May 14, 2013 http://www.debian.org/security/faq ---------------------------------------------------------------------- Package : linux-2.6 -Vulnerability : privilege escalation/denial of service -Problem type : local +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542 @@ -31,7 +31,7 @@ CVE-2012-2121 CVE-2012-3552 - Hafid Lin reported an issue in the IP network subsystem. A remote user + Hafid Lin reported an issue in the IP networking subsystem. A remote user can cause a denial of service (system crash) on servers running applications that set options on sockets which are actively being processed. @@ -43,6 +43,10 @@ CVE-2012-4461 access to the /dev/kvm interface can cause a system crash. CVE-2012-4508 + + Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4 + filesystem. Local users could gain access to sensitive kernel memory. + CVE-2012-6537 Mathias Krause discovered information leak issues in the Transformation @@ -225,8 +229,8 @@ CVE-2013-3235 Communication (TIPC) protocol support. Local users can gain access to sensitive kernel memory. -For the stable distribution (squeeze), this problem has been fixed in version -2.6.32-48squeeze3. +For the oldstable distribution (squeeze), this problem has been fixed in +version 2.6.32-48squeeze3. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: @@ -238,6 +242,14 @@ We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Thanks to Micah Anderson for proof reading this text. +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. + Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ |