diff options
| author | dann frazier <dannf@debian.org> | 2014-04-24 05:28:58 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2014-04-24 05:28:58 +0000 |
| commit | dfd460972484915cc558f0b2a912a68952be89eb (patch) | |
| tree | 2dee1082d212dc9d946fa52f36d812b53850a13a /dsa-texts/2.6.32-48squeeze5 | |
| parent | 807d6aec093ca5d312a39814ac6613214df42c68 (diff) | |
Add some text; note a couple issues that should probably not be advertised
as fixed (one was rejected, the other fix appears to be partial)
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3322 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze5')
| -rw-r--r-- | dsa-texts/2.6.32-48squeeze5 | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-48squeeze5 b/dsa-texts/2.6.32-48squeeze5 index 84294c63..0a9c5ae0 100644 --- a/dsa-texts/2.6.32-48squeeze5 +++ b/dsa-texts/2.6.32-48squeeze5 @@ -66,18 +66,70 @@ CVE-2013-4345 which could lead to the use of less entropy than expected. CVE-2013-4511 + + XXX PATCH IS MISSING CODE CHANGES TO au1[1,2]00fb.c - not sure this is + fixed. + CVE-2013-4512 + + Nico Golde and Fabian Yamaguchi reported an issue in the user mode + linux port. A buffer overflow condition exists in the write method + for the /proc/exitcode file. Local users with sufficient privilege + to write to this file could gain elevated privileges. + CVE-2013-4587 + + Andrew Honig of Google reported an issue in the KVM virtualization + subsystem. A local user could gain elevated privileges by passing + a large vcpu_id parameter. + CVE-2013-4588 + + XXX THIS WAS REJECTED. + CVE-2013-6367 + + Andrew Honig of Google reported an issue in the KVM virtualization + subsystem. A divide-by-zero condition could allow a guest user to + cause a denial of service on the host (crash). + CVE-2013-6380 + + Mahesh Rajashekhara reported an issue in the aacraid driver for storage + products from various vendors. Local users with CAP_SYS_ADMIN privileges + could gain further elevated privileges. + CVE-2013-6381 + + Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet + device support for s390 systems. Local users could cause a denial of + service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL + ioctl. + CVE-2013-6382 + + Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. + Local users with CAP_SYS_ADMIN privileges could gain further elevated + privileges. + CVE-2013-6383 + + Dan Carpenter reported an issue in the aacraid driver for storage devices + from various vendors. A local user could gain elevated privileges due to + a missing privilege level check in the aac_compat_ioctl function. + CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 + + mpb reported an information leak in the recvfrom, recvmmsg and recvmsg + system calls. A local user could obtain access to sensitive kernel memory. + CVE-2013-7339 + + Sasha Levin reported an issue in the RDS network protocol over Infiniband. + A local user could cause a denial of service condition. + CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 |