author | dann frazier <dannf@debian.org> | 2013-05-15 21:13:01 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2013-05-15 21:13:01 +0000 |
commit | 1d6268616ce4ed4db483a4828aad70624bd1dd7c (patch) | |
tree | a806068ead338f8eef4eac79bcc82c1da75ff020 /dsa-texts/3.2.41-2+deb7u2 | |
parent | 97d8964a07ce76b35d39b265cf1563e9409743e4 (diff) |
rename to reflect version number
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2960 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.2.41-2+deb7u2')
-rw-r--r-- | dsa-texts/3.2.41-2+deb7u2 | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/dsa-texts/3.2.41-2+deb7u2 b/dsa-texts/3.2.41-2+deb7u2 new file mode 100644 index 000000000..738403275 --- /dev/null +++ b/dsa-texts/3.2.41-2+deb7u2 
@@ -0,0 +1,116 @@ +---------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +http://www.debian.org/security/ Dann Frazier +May 15, 2013 http://www.debian.org/security/faq +---------------------------------------------------------------------- + +Package : linux +Vulnerability : privilege escalation/denial of service/information leak +Problem type : local/remote +Debian-specific: no +CVE Id(s) : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979 + CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222 + CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 + CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 + CVE-2013-3235 CVE-2013-3301 + +Several vulnerabilities have been discovered in the Linux kernel that may lead +to a denial of service, information leak or privilege escalation. The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2013-0160 +CVE-2013-1796 + + Andrew Honig of Google reported an issue in the KVM subsystem. A user in + a guest operating system could corrupt kernel memory, resulting in a + denial of service. + +CVE-2013-1929 + + Oded Horovitz and Brad Spengler reported an issue in the device driver for + Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach + untrusted devices can create an overflow condition, resulting in a denial + of service or elevated privileges. + +CVE-2013-1979 +CVE-2013-2015 + + Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local + users with the ability to mount a specially crafted filesystem can cause + a denial of service (infinite loop). + +CVE-2013-2094 +CVE-2013-3076 +CVE-2013-3222 + + Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM) + protocol support. Local users can gain access to sensitive kernel memory. + +CVE-2013-3223 + + Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol + support. 
Local users can gain access to sensitive kernel memory. + +CVE-2013-3224 + + Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users + can gain access to sensitive kernel memory. + +CVE-2013-3225 + + Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol + support. Local users can gain access to sensitive kernel memory. + +CVE-2013-3227 +CVE-2013-3228 + + Mathias Krauss discovered an issue in the IrDA (infrared) subsystem + support. Local users can gain access to sensitive kernel memory. + +CVE-2013-3229 + + Mathias Krauss discovered an issue in the IUCV support on s390 systems. + Local users can gain access to sensitive kernel memory. + +CVE-2013-3231 + + Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2 + protocol support. Local users can gain access to sensitive kernel memory. + +CVE-2013-3234 + + Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose) + protocol support. Local users can gain access to sensitive kernel memory. + +CVE-2013-3235 + + Mathias Krauss discovered an issue in the Transparent Inter Process + Communication (TIPC) protocol support. Local users can gain access to + sensitive kernel memory. + +CVE-2013-3301 + +For the stable distribution (wheezy), this problem has been fixed in version +3.2.41-2+deb7u1. + +The following matrix lists additional source packages that were rebuilt for +compatibility with or to take advantage of this update: + + Debian 7.0 (wheezy) + user-mode-linux XXXX + +We recommend that you upgrade your linux and user-mode-linux packages. + +Note: Debian carefully tracks all known security issues across every +linux kernel package in all releases under active security support. +However, given the high frequency at which low-severity security +issues are discovered in the kernel and the resource requirements of +doing an update, updates for lower priority issues will normally not +be released for all kernels at the same time. 
Rather, they will be +released in a staggered or "leap-frog" fashion. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: http://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |
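Review bot: The "For the stable distribution (wheezy)" paragraph says the fix is in version 3.2.41-2+deb7u1, while the file is named 3.2.41-2+deb7u2 and the commit message says the rename is to reflect the version number. Update the version in the text to match, or confirm that deb7u1 is intended. The same sentence says "this problem has been fixed" although the advisory covers several issues, so "these problems have been fixed" would read correctly. Six CVE entries (CVE-2013-0160, CVE-2013-1979, CVE-2013-2094, CVE-2013-3076, CVE-2013-3227, CVE-2013-3301) have no description under them, and the DSA-XXXX-1 number and the "user-mode-linux XXXX" version are still placeholders. All of these need filling in before the text is sent.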