author | dann frazier <dannf@debian.org> | 2013-05-15 21:41:07 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2013-05-15 21:41:07 +0000 |
commit | 40bbec6fe3fcd6f9e97765e63a6088a5d86d4e36 (patch) | |
tree | 922e6f9d1e6e5f9bd102e015df3877a2b69eab68 /dsa-texts/3.2.41-2+deb7u2 | |
parent | 1d6268616ce4ed4db483a4828aad70624bd1dd7c (diff) |
flesh out
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2961 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.2.41-2+deb7u2')
-rw-r--r-- | dsa-texts/3.2.41-2+deb7u2 | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/dsa-texts/3.2.41-2+deb7u2 b/dsa-texts/3.2.41-2+deb7u2 index 73840327..28d44e62 100644 --- a/dsa-texts/3.2.41-2+deb7u2 +++ b/dsa-texts/3.2.41-2+deb7u2 @@ -1,12 +1,12 @@ ---------------------------------------------------------------------- -Debian Security Advisory DSA-XXXX-1 security@debian.org +Debian Security Advisory DSA-2669-1 security@debian.org http://www.debian.org/security/ Dann Frazier May 15, 2013 http://www.debian.org/security/faq ---------------------------------------------------------------------- Package : linux Vulnerability : privilege escalation/denial of service/information leak -Problem type : local/remote +Problem type : local Debian-specific: no CVE Id(s) : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222 @@ -19,6 +19,11 @@ to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 + + vladz reported a timing leak with the /dev/ptmx character device. A local + user could use this to determine sensitive information such as password + length. + CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in @@ -33,6 +38,10 @@ CVE-2013-1929 of service or elevated privileges. CVE-2013-1979 + + Andy Lutomirski reported an issue in the socket level control message + processing subsystem. Local users maybe able to gain eleveated privileges. + CVE-2013-2015 Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local 
@@ -40,7 +49,15 @@ CVE-2013-2015 a denial of service (infinite loop). CVE-2013-2094 + + Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds + access vulnerability allows local users to gain elevated privileges. + CVE-2013-3076 + + Mathias Krauss discovered an issue in the userspace interface for hash + algorithms. Local users can gain access to sensitive kernel memory. + CVE-2013-3222 Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM) @@ -62,6 +79,11 @@ CVE-2013-3225 support. Local users can gain access to sensitive kernel memory. CVE-2013-3227 + + Mathias Krauss discovered an issue in the Communication CPU to Application + CPU Interface (CAIF). Local users can gain access to sensitive kernel + memory. + CVE-2013-3228 Mathias Krauss discovered an issue in the IrDA (infrared) subsystem @@ -90,6 +112,10 @@ CVE-2013-3235 CVE-2013-3301 + Namhyung Kim reported an issue in the tracing subsystem. A privileged + local user could cause a denial of service (system crash). This + vulnerabililty is not applicable to Debian systems by default. + For the stable distribution (wheezy), this problem has been fixed in version 3.2.41-2+deb7u1. @@ -97,7 +123,7 @@ The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 7.0 (wheezy) - user-mode-linux XXXX + user-mode-linux 3.2-2um-1+deb7u1 We recommend that you upgrade your linux and user-mode-linux packages. |
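Review bot: Two typos in the added CVE-2013-1979 paragraph (hunk @@ -33,6 +38,10 @@): "maybe able" should read "may be able" and "eleveated" should read "elevated". This text goes out as the advisory body, so the sentence is better as "Local users may be able to gain elevated privileges."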
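Review bot: The unchanged context at the end of hunk @@ -90,6 +112,10 @@ still reads "has been fixed in version 3.2.41-2+deb7u1", while the file being edited is dsa-texts/3.2.41-2+deb7u2; please confirm which version the advisory should name before it is sent. In the added CVE-2013-3301 paragraph of the same hunk, "vulnerabililty" should be "vulnerability", and the closing sentence would help administrators more if it stated which non-default condition makes a system affected.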