blob: e6b62ddf138ccb922d0abe55bfee65fc000c9020 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
----------------------------------------------------------------------
Debian Security Advisory DSA-2906-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
April 15, 2014 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893
CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4511
CVE-2013-4512 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367
CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383
CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339
CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446
CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2103-2929
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2013-0343
George Kargiotakis reported an issue in the temporary address handling
of the IPv6 privacy extensions. Users on the same LAN can cause a denial
of service or obtain access to sensitive information by sending router
advertisement messages that cause the temporary address generation to be
disabled.
CVE-2013-2147
Dan Carpenter reported issues in the cpqarray driver for Compaq
Smart2 Controllers and the cciss driver for HP Smart Array controllers
allowing users to gain access to sensitive kernel memory.
CVE-2013-2889
CVE-2013-2893
CVE-2013-2929
CVE-2013-4162
CVE-2013-4299
CVE-2013-4345
CVE-2013-4511
CVE-2013-4512
CVE-2013-4587
CVE-2013-4588
CVE-2013-6367
CVE-2013-6380
CVE-2013-6381
CVE-2013-6382
CVE-2013-6383
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7339
CVE-2014-0101
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2039
CVE-2014-2523
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze5.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze5
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
|
