diff options
| author | dann frazier <dannf@debian.org> | 2014-05-14 15:49:09 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2014-05-14 15:49:09 +0000 |
| commit | 51e70c657abfcc2cf8f219ffa4ed96b191c451f0 (patch) | |
| tree | e7444b10b20f5166a187c39e4caee6aaed4254e9 /dsa-texts/2.6.32-48squeeze6 | |
| parent | 28a2f44f8cb8d823a40ae78bdf3ed2e635e2b858 (diff) | |
new dsa text
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3350 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-48squeeze6')
| -rw-r--r-- | dsa-texts/2.6.32-48squeeze6 | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/dsa-texts/2.6.32-48squeeze6 b/dsa-texts/2.6.32-48squeeze6 new file mode 100644 index 00000000..84801e0d --- /dev/null +++ b/dsa-texts/2.6.32-48squeeze6 @@ -0,0 +1,51 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-2928-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +May 14, 2014 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux-2.6 +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local +Debian-specific: no +CVE Id(s) : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a denial of service, information leak or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2014-0196 + + Jiri Slaby discovered a race condition in the pty layer, which could lead + to a denial of service or privilege escalation. + +CVE-2014-1737 CVE-2014-1738 + + Matthew Daley discovered an information leak and missing input + sanitising in the FDRAWCMD ioctl of the floppy driver. This could result + in a privilege escalation. + +For the oldstable distribution (squeeze), this problem has been fixed in +version 2.6.32-48squeeze6. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 6.0 (squeeze) + user-mode-linux 2.6.32-1um-4+48squeeze6 + +We recommend that you upgrade your linux-2.6 and user-mode-linux packages. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. Rather, they will be +released in a staggered or "leap-frog" fashion. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |