add new WIP text

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3310 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 87 insertions, 0 deletions

diff --git a/dsa-texts/2.6.32-48squeeze5 b/dsa-texts/2.6.32-48squeeze5
new file mode 100644
index 00000000..e6b62ddf
--- /dev/null
+++ b/dsa-texts/2.6.32-48squeeze5
@@ -0,0 +1,87 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-2906-1                security@debian.org
+http://www.debian.org/security/                           Dann Frazier
+April 15, 2014                      http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893
+                 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4511
+                 CVE-2013-4512 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367
+                 CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383
+                 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339
+                 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
+                 CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2103-2929
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service, information leak or privilege escalation. The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2013-0343
+
+    George Kargiotakis reported an issue in the temporary address handling
+    of the IPv6 privacy extensions. Users on the same LAN can cause a denial
+    of service or obtain access to sensitive information by sending router
+    advertisement messages that cause the temporary address generation to be
+    disabled.
+
+CVE-2013-2147
+
+    Dan Carpenter reported issues in the cpqarray driver for Compaq
+    Smart2 Controllers and the cciss driver for HP Smart Array controllers
+    allowing users to gain access to sensitive kernel memory.
+
+CVE-2013-2889
+CVE-2013-2893
+CVE-2013-2929
+CVE-2013-4162
+CVE-2013-4299
+CVE-2013-4345
+CVE-2013-4511
+CVE-2013-4512
+CVE-2013-4587
+CVE-2013-4588
+CVE-2013-6367
+CVE-2013-6380
+CVE-2013-6381
+CVE-2013-6382
+CVE-2013-6383
+CVE-2013-7263
+CVE-2013-7264
+CVE-2013-7265
+CVE-2013-7339
+CVE-2014-0101
+CVE-2014-1444
+CVE-2014-1445
+CVE-2014-1446
+CVE-2014-1874
+CVE-2014-2039
+CVE-2014-2523
+
+For the oldstable distribution (squeeze), this problem has been fixed in
+version 2.6.32-48squeeze5.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 6.0 (squeeze)
+     user-mode-linux                         2.6.32-1um-4+48squeeze5
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org