diff options
| author | dann frazier <dannf@debian.org> | 2014-04-25 00:12:39 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2014-04-25 00:12:39 +0000 |
| commit | 330ceb2568f29ec4ec275efd2609d7acbf2dbba5 (patch) | |
| tree | 631720e6b4050516b0396b76a15296e6964b6e30 /dsa-texts/2.6.32-48squeeze5 | |
| parent | 85f41ff3d922a83a8827272ebe2fa115d1bdc929 (diff) | |
clean up some working; released
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3326 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze5')
| -rw-r--r-- | dsa-texts/2.6.32-48squeeze5 | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/dsa-texts/2.6.32-48squeeze5 b/dsa-texts/2.6.32-48squeeze5 index 713f0057..4b5e49a1 100644 --- a/dsa-texts/2.6.32-48squeeze5 +++ b/dsa-texts/2.6.32-48squeeze5 @@ -49,7 +49,8 @@ CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems - with the fs.suid_dumpable sysctl set to '2' are vulnerable. + with the fs.suid_dumpable sysctl set to a non-default value of '2' are + vulnerable. CVE-2013-4162 @@ -70,8 +71,9 @@ CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method - for the /proc/exitcode file. Local users with sufficient privilege - to write to this file could gain elevated privileges. + for the /proc/exitcode file. Local users with sufficient privileges + allowing them to write to this file could gain further elevated + privileges. CVE-2013-4587 @@ -110,9 +112,7 @@ CVE-2013-6383 from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function. -CVE-2013-7263 -CVE-2013-7264 -CVE-2013-7265 +CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory. @@ -131,18 +131,18 @@ CVE-2014-0101 CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver. Local users - with the CAP_NET_ADMIN capability could contain access to sensitive kernel + with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory. CVE-2014-1445 - Salva Peiro reported an issue in the wanXL serial card driver. Local users - could contain access to sensitive kernel memory. + Salva Peiro reported an issue in the wanXL serial card driver. Local + users could gain access to sensitive kernel memory. CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users - with the CAP_NET_ADMIN capability could contain access to sensitive kernel + with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory. CVE-2014-1874 @@ -153,7 +153,7 @@ CVE-2014-1874 CVE-2014-2039 - Martin Schwidefsky reported an issue on s390 platforms. A local user + Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction. |