author dann frazier <dannf@debian.org> 2014-04-24 23:38:25 +0000
committer dann frazier <dannf@debian.org> 2014-04-24 23:38:25 +0000
commit c56e76cbe9e44a440d0029327e94a59ce79c83a2
tree 6c88b95c05548ff6e2429b5d071e961ae4b60542 /dsa-texts/2.6.32-48squeeze5
parent 80e862b2e2d9fdc09bdfbe8d6dfc643ba64305c7
text updates
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3324 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze5')
-rw-r--r-- dsa-texts/2.6.32-48squeeze5 54
1 files changed, 44 insertions, 10 deletions
diff --git a/dsa-texts/2.6.32-48squeeze5 b/dsa-texts/2.6.32-48squeeze5
index d3ba6f70..f95700bf 100644
--- a/dsa-texts/2.6.32-48squeeze5
+++ b/dsa-texts/2.6.32-48squeeze5
@@ -1,7 +1,7 @@
----------------------------------------------------------------------
Debian Security Advisory DSA-2906-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
-April 15, 2014 http://www.debian.org/security/faq
+April 24, 2014 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
@@ -25,7 +25,7 @@ CVE-2013-0343
George Kargiotakis reported an issue in the temporary address handling
of the IPv6 privacy extensions. Users on the same LAN can cause a denial
of service or obtain access to sensitive information by sending router
- advertisement messages that cause the temporary address generation to be
+ advertisement messages that cause temporary address generation to be
disabled.
CVE-2013-2147
@@ -36,20 +36,20 @@ CVE-2013-2147
CVE-2013-2889
- Kees Cook discovered that missing input sanitising in the HID
- driver for Zeroplus game pads could lead to local denial of service.
+ Kees Cook discovered missing input sanitization in the HID driver for
+ Zeroplus game pads that could lead to a local denial of service.
CVE-2013-2893
- Kees Cook discovered that missing input sanitising in the HID
- driver for various Logitech force feedback devices could lead to local
- denial of service.
+ Kees Cook discovered that missing input sanitization in the HID driver
+ for various Logitech force feedback devices could lead to a local denial
+ of service.
CVE-2013-2929
Vasily Kulikov discovered that a flaw in the get_dumpable() function of
- the ptrace subsytsem could lead to information disclosure.
- 'fs.suid_dumpable' needs to be set to 2.
+ the ptrace subsytsem could lead to information disclosure. Only systems
+ with the fs.suid_dumpable sysctl set to '2' are vulnerable.
CVE-2013-4162
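Review bot: The rewritten CVE-2013-2929 line still carries the typo "subsytsem" ("the ptrace subsytsem could lead to information disclosure"); since the line is being rewritten anyway, correct it to "subsystem". The two HID entries are also phrased differently after this change: CVE-2013-2889 reads "discovered missing input sanitization ... that could lead" while CVE-2013-2893 reads "discovered that missing input sanitization ... could lead", so pick one form for both. Minor: the sysctl value is quoted as '2' while the name fs.suid_dumpable lost its quotes; quote both or neither.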
@@ -58,7 +58,8 @@ CVE-2013-4162
CVE-2013-4299
- A bug in the device mapper can lead to information disclosure.
+ Fujitsu reported an issue in the device-mapper subsystem. Local users
+ could gain access to sensitive kernel memory.
CVE-2013-4345
@@ -127,13 +128,46 @@ CVE-2013-7339
A local user could cause a denial of service condition.
CVE-2014-0101
+
+ Nokia Siemens Networks reported an issue in the SCTP network protocol
+ subsystem. Remote users could cause a denial of service (NULL pointer
+ dereference).
+
CVE-2014-1444
+
+ Salva Peiro reported an issue in the FarSync WAN driver. Local users
+ with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+ memory.
+
CVE-2014-1445
+
+ Salva Peiro reported an issue in the wanXL serial card driver. Local users
+ could contain access to sensitive kernel memory.
+
CVE-2014-1446
+
+ Salva Peiro reported an issue in the YAM radio modem driver. Local users
+ with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+ memory.
+
CVE-2014-1874
+
+ Matthew Thode reported an issue in the SELinux subsystem. A local user
+ with CAP_MAC_ADMIN privileges could cause a denial of service by setting
+ an empty security context on a file.
+
CVE-2014-2039
+
+ Martin Schwidefsky reported an issue on s390 platforms. A local user
+ could cause a denial of service (kernel oops) by executing an application
+ with a linkage stack instruction.
+
CVE-2014-2523
+ Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp
+ module. Remote users could cause a denial of service (system crash)
+ or potentially gain elevated privileges.
+
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze5.
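Review bot: "could contain access to sensitive kernel memory" in the new CVE-2014-1444, CVE-2014-1445 and CVE-2014-1446 paragraphs should read "could obtain access" (or "gain access", as the CVE-2013-4299 entry in this same patch has it). The CVE-2014-2523 entry is also missing the blank "+" line between the identifier and its description that every other entry added in this hunk has. For consistency, CVE-2014-1874 says "with CAP_MAC_ADMIN privileges" where the driver entries say "with the CAP_NET_ADMIN capability"; use one wording throughout.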
