diff options
| author | dann frazier <dannf@debian.org> | 2011-09-05 20:06:44 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2011-09-05 20:06:44 +0000 |
| commit | 54b3f43d1a41788f08db8f267ca48620432e8eb3 (patch) | |
| tree | 521b9987136878922c4726834af02dd13237229a /dsa-texts/2.6.32-35squeeze1 | |
| parent | 50c4556b5fbd49d8be4cce3cd3af39c55df3f6e7 (diff) | |
Add text for remaining issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2476 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/2.6.32-35squeeze1')
| -rw-r--r-- | dsa-texts/2.6.32-35squeeze1 | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/dsa-texts/2.6.32-35squeeze1 b/dsa-texts/2.6.32-35squeeze1 index b66d5ce51..6796fb83b 100644 --- a/dsa-texts/2.6.32-35squeeze1 +++ b/dsa-texts/2.6.32-35squeeze1 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------- -Debian Security Advisory DSA-2240-1 security@debian.org -http://www.debian.org/security/ dann frazier -May 24, 2011 http://www.debian.org/security/faq +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ Moritz Muehlenhoff, Dann Frazier +September XX, 2011 http://www.debian.org/security/faq ---------------------------------------------------------------------- Package : linux-2.6 @@ -20,11 +20,15 @@ Exposures project identifies the following problems: CVE-2011-1020 - foo + Kees Cook discovered an issue in the /proc filesystem that allows local + users to gain access to sensitive process information after execution + of a setuid binary. CVE-2011-1576 - foo + Ryan Sweat discovered an issue in the VLAN implementation. Local users + may be able to cause a kernel memory leak, resulting in a denial of + service. CVE-2011-2484 @@ -34,14 +38,15 @@ CVE-2011-2484 CVE-2011-2491 - foo + Vasily Averin discovered an issue with the NFS locking implementation. + A malicious NFS server can cause a client to hang indefinitely in + an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to the information through leaked stack memory. - CVE-2011-2495 @@ -56,8 +61,8 @@ CVE-2011-2496 CVE-2011-2497 - Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which - could lead to denial of service or privilege escalation. + Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, + which could lead to denial of service or privilege escalation. CVE-2011-2517 @@ -68,15 +73,22 @@ CVE-2011-2517 CVE-2011-2525 - foo + Ben Pfaff reported an issue in the network scheduling code. A local + user could cause a denial of service (NULL pointer dereference) by + sending a specially crafted netlink message. CVE-2011-2700 - foo + Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the + driver for the Si4713 FM Radio Transmitter driver used by N900 devices. + Local users could exploit this issue to cause a denial of service or + ptotentially gain elevated privileges. CVE-2011-2723 - foo + Brent Meshier reported an issue in the GRO (generic receive offload) + implementation. This can be exploited by remote users to create a + denial of service (system crash) in certain network device configurations. CVE-2011-2905 @@ -106,11 +118,15 @@ CVE-2011-2928 CVE-2011-3188 - foo + Dan Kaminsky reported a weakness of the sequence number generation in + the TCP protocol implementation. This can be used by remote attackers + to inject packets into an active session. CVE-2011-3191 - foo + Darren Lavender reported an issue in the Common Internet File System (CIFS). + A malicious file server could cause memory corruption leading to a denial + of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian: #633738) |