From 0f2076fd16c2ce37e219a7d1a402816a93f1eb53 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 23 May 2011 01:31:46 +0000 Subject: completed first draft of issue descriptions git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2325 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/2.6.32-34squeeze1 | 99 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 98 insertions(+), 1 deletion(-) (limited to 'dsa-texts/2.6.32-34squeeze1') diff --git a/dsa-texts/2.6.32-34squeeze1 b/dsa-texts/2.6.32-34squeeze1 index cc3304cb..9f0be9f1 100644 --- a/dsa-texts/2.6.32-34squeeze1 +++ b/dsa-texts/2.6.32-34squeeze1 
@@ -126,24 +126,121 @@ CVE-2011-1182 CVE-2011-1476 - Dan Rosenberg reported an issue in the + Dan Rosenberg reported issues in the Open Sound System MIDI interface that + allow local users to cause a denial of service. This issue does not affect + official Debian Linux packages as they no longer provide support for OSS. + However, custom kernels built from Debians linux-source-2.6.32 may have + enabled this configuration and would therefore be vulnerable. + CVE-2011-1477 + + Dan Rosenberg reported issues in the Open Sound System driver for cards + that include a Yamaha FM synthesizer chip. Local users can cause memory + corruption resulting in a denial of service. This issue does not affect + official Debian Linux packages as they no longer provide support for OSS. + However, custom kernels built from Debians linux-source-2.6.32 may have + enabled this configuration and would therefore be vulnerable. + CVE-2011-1478 + + Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support + in the Linux networking subsystem. If an interface has GRO enabled and + is running in permiscuous mode, remote users can cause a denial of + service (NULL pointer dereference) by sending packets on an unknown + VLAN. + CVE-2011-1493 + + Dan Rosenburg reported two issues in the Linux implementation of the Amateur + Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service + by providing specially crafted facilities fields. + CVE-2011-1494 + + Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided + by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can + obtain elevated privileges by specially crafted ioctl calls. On default + Debian installations this is not exploitable as this interface is only + accessible to root. + CVE-2011-1495 + + Dan Rosenberg reported two issues in the /dev/mpt2ctl interface provided + by the driver for LSI MPT Fusion SAS 2.0 controllers. 
Local users can + obtain elevated privileges and ready arbitrary kernel memory by using + specially crafted ioctl calls. On default Debian installations this + is not exploitable as this interface is only accessible to root. + CVE-2011-1585 + + Jeff Layton reported an issue in the Common Internet File System (CIFS). + Local users can bypass authentication requirements for shares that are + already mounted by another user. + CVE-2011-1593 + + Robert Swiecki reported a signednes issue in the next_pidmap() function, + which can be exploited my local users to cause a denial of service. + CVE-2011-1598 + + Dave Jones reported an issue in the Broadcast Manager Controller Area + Network (CAN/BCM) protocol that may allow local users to cause a NULL + pointer dereference, resulting in a denial of service. + CVE-2011-1745 + + Vasiliy Kulikov reported an issue in the Linux support for AGP devices. + Local users can obtain elevated privileges or cause a denial of service + due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian + installations, this is exploitable only by users in the video group. + CVE-2011-1746 + + Vasiliy Kulikov reported an issue in the Linux support for AGP devices. + Local users can obtain elevated privileges or cause a denial of service + due to missing bounds checking in the agp_allocate_memory and + agp_create_user_memory. On default Debian installations, this is + exploitable only by users in the video group. + CVE-2011-1748 + + Oliver Kartkopp reported an issue in the Controller Area Network (CAN) + raw socket implementation which permits ocal users to cause a NULL + pointer dereference, resulting in a denial of service. + CVE-2011-1759 + + Dan Rosenberg reported an issue in the support for executing "old ABI" + binaries on ARM processors. Local users can obtain elevated privileges + due to insufficient bounds checking in the semtimedop system call. 
+ CVE-2011-1767 + + Alexecy Dobriyan reported an issue in the GRE over IP implementation. + Remote users can cause a denial of service by sending a packet during + module initialization. + CVE-2011-1770 + + Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol + (DCCP). Remote users can cause a denial of service or potentially obtain + access to sensitive kernel memory. + CVE-2011-1776 + + Timo Warns reported an issue in the Linux implementation for GUID + partitions. Users with physical access can gain access to sensitive + kernel memory by adding a storage device with a specially crafted + corrupted invalid partition table. + CVE-2011-2022 + Vasiliy Kulikov reported an issue in the Linux support for AGP devices. + Local users can obtain elevated privileges or cause a denial of service + due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default + Debian installations, this is exploitable only by users in the video group. + This update also includes fixes a regression introduced by a previous update. See the referenced Debian bug page for details. -- cgit v1.2.3
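Review bot: Several added descriptions contain typos that change or obscure the meaning and should be fixed before this text reaches the advisory. In CVE-2011-1495, "ready arbitrary kernel memory" should be "read arbitrary kernel memory". In CVE-2011-1478, "permiscuous mode" should be "promiscuous mode". In CVE-2011-1593, "signednes issue" and "exploited my local users" should be "signedness issue" and "exploited by local users". In CVE-2011-1748, "ocal users" should be "local users". The reporter is spelled "Dan Rosenburg" under CVE-2011-1493 but "Dan Rosenberg" in every other entry of the hunk, so make it consistent, and verify "Alexecy Dobriyan" (CVE-2011-1767) and "Oliver Kartkopp" (CVE-2011-1748) against the original reports. CVE-2011-1476 and CVE-2011-1477 now open with "reported issues" but continue with "This issue does not affect", and both need the apostrophe in "Debians linux-source-2.6.32". CVE-2011-1746 ends with "in the agp_allocate_memory and agp_create_user_memory." and lacks a noun such as "functions". In CVE-2011-1776, "specially crafted corrupted invalid partition table" stacks three qualifiers where one is enough.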