diff options
author | dann frazier <dannf@debian.org> | 2014-04-16 06:10:42 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2014-04-16 06:10:42 +0000 |
commit | 0664a5cef0097cdfe44fbeddb3324e5bd4e77aae (patch) | |
tree | fd474f51e2f5b5c9fba348e884fdbd5b5042b2d1 /dsa-texts/2.6.32-48squeeze5 | |
parent | fe709455e177c028e087912da45a2b08975dc28d (diff) |
add new WIP text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3310 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze5')
-rw-r--r-- | dsa-texts/2.6.32-48squeeze5 | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-48squeeze5 b/dsa-texts/2.6.32-48squeeze5 new file mode 100644 index 00000000..e6b62ddf --- /dev/null +++ b/dsa-texts/2.6.32-48squeeze5 @@ -0,0 +1,87 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-2906-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +April 15, 2014 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 + CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4511 + CVE-2013-4512 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367 + CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383 + CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 + CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 + CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2103-2929 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a denial of service, information leak or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2013-0343 + + George Kargiotakis reported an issue in the temporary address handling + of the IPv6 privacy extensions. Users on the same LAN can cause a denial + of service or obtain access to sensitive information by sending router + advertisement messages that cause the temporary address generation to be + disabled. + +CVE-2013-2147 + + Dan Carpenter reported issues in the cpqarray driver for Compaq + Smart2 Controllers and the cciss driver for HP Smart Array controllers + allowing users to gain access to sensitive kernel memory. + +CVE-2013-2889 +CVE-2013-2893 +CVE-2013-2929 +CVE-2013-4162 +CVE-2013-4299 +CVE-2013-4345 +CVE-2013-4511 +CVE-2013-4512 +CVE-2013-4587 +CVE-2013-4588 +CVE-2013-6367 +CVE-2013-6380 +CVE-2013-6381 +CVE-2013-6382 +CVE-2013-6383 +CVE-2013-7263 +CVE-2013-7264 +CVE-2013-7265 +CVE-2013-7339 +CVE-2014-0101 +CVE-2014-1444 +CVE-2014-1445 +CVE-2014-1446 +CVE-2014-1874 +CVE-2014-2039 +CVE-2014-2523 + +For the oldstable distribution (squeeze), this problem has been fixed in +version 2.6.32-48squeeze5. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 6.0 (squeeze) + user-mode-linux 2.6.32-1um-4+48squeeze5 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |