author dann frazier <dannf@debian.org> 2013-05-15 21:41:07 +0000
committer dann frazier <dannf@debian.org> 2013-05-15 21:41:07 +0000
commit 40bbec6fe3fcd6f9e97765e63a6088a5d86d4e36
tree 922e6f9d1e6e5f9bd102e015df3877a2b69eab68 /dsa-texts/3.2.41-2+deb7u2
parent 1d6268616ce4ed4db483a4828aad70624bd1dd7c
flesh out
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2961 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.2.41-2+deb7u2')
-rw-r--r-- dsa-texts/3.2.41-2+deb7u2 32
1 files changed, 29 insertions, 3 deletions
diff --git a/dsa-texts/3.2.41-2+deb7u2 b/dsa-texts/3.2.41-2+deb7u2
index 73840327..28d44e62 100644
--- a/dsa-texts/3.2.41-2+deb7u2
+++ b/dsa-texts/3.2.41-2+deb7u2
@@ -1,12 +1,12 @@
----------------------------------------------------------------------
-Debian Security Advisory DSA-XXXX-1 security@debian.org
+Debian Security Advisory DSA-2669-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
May 15, 2013 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux
Vulnerability : privilege escalation/denial of service/information leak
-Problem type : local/remote
+Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
@@ -19,6 +19,11 @@ to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2013-0160
+
+ vladz reported a timing leak with the /dev/ptmx character device. A local
+ user could use this to determine sensitive information such as password
+ length.
+
CVE-2013-1796
Andrew Honig of Google reported an issue in the KVM subsystem. A user in
@@ -33,6 +38,10 @@ CVE-2013-1929
of service or elevated privileges.
CVE-2013-1979
+
+ Andy Lutomirski reported an issue in the socket level control message
+ processing subsystem. Local users maybe able to gain eleveated privileges.
+
CVE-2013-2015
Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
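Review bot: The added CVE-2013-1979 text has two typos in its second sentence: "maybe able" should be "may be able" and "eleveated" should be "elevated". Suggested wording: "Local users may be able to gain elevated privileges."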
@@ -40,7 +49,15 @@ CVE-2013-2015
a denial of service (infinite loop).
CVE-2013-2094
+
+ Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds
+ access vulnerability allows local users to gain elevated privileges.
+
CVE-2013-3076
+
+ Mathias Krauss discovered an issue in the userspace interface for hash
+ algorithms. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3222
Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
@@ -62,6 +79,11 @@ CVE-2013-3225
support. Local users can gain access to sensitive kernel memory.
CVE-2013-3227
+
+ Mathias Krauss discovered an issue in the Communication CPU to Application
+ CPU Interface (CAIF). Local users can gain access to sensitive kernel
+ memory.
+
CVE-2013-3228
Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
@@ -90,6 +112,10 @@ CVE-2013-3235
CVE-2013-3301
+ Namhyung Kim reported an issue in the tracing subsystem. A privileged
+ local user could cause a denial of service (system crash). This
+ vulnerabililty is not applicable to Debian systems by default.
+
For the stable distribution (wheezy), this problem has been fixed in version
3.2.41-2+deb7u1.
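Review bot: The trailing context of this hunk states the fix is in version 3.2.41-2+deb7u1, while this advisory file is named 3.2.41-2+deb7u2; confirm which version carries the fixes and correct the sentence if it should read deb7u2, since readers use it to decide whether they are patched. In the added CVE-2013-3301 text, "vulnerabililty" should be "vulnerability". Because the advisory covers many CVEs, "this problem has been fixed" would also read better as "these problems have been fixed".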
@@ -97,7 +123,7 @@ The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 7.0 (wheezy)
- user-mode-linux XXXX
+ user-mode-linux 3.2-2um-1+deb7u1
We recommend that you upgrade your linux and user-mode-linux packages.
