[kernel-sec-discuss] r2500 - dsa-texts
Micah Anderson
micah at alioth.debian.org
Tue Sep 20 15:06:46 UTC 2011
Author: micah
Date: 2011-09-20 15:06:45 +0000 (Tue, 20 Sep 2011)
New Revision: 2500
Modified:
dsa-texts/2.6.26-26lenny4
Log:
update dsa text to get rid of asterisks, fix a missing word and format
Modified: dsa-texts/2.6.26-26lenny4
===================================================================
--- dsa-texts/2.6.26-26lenny4 2011-09-20 03:17:05 UTC (rev 2499)
+++ dsa-texts/2.6.26-26lenny4 2011-09-20 15:06:45 UTC (rev 2500)
@@ -18,14 +18,14 @@
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
-[*]CVE-2009-4067
+CVE-2009-4067
- Rafael Dominguez Vega of MWR InfoSecurity reported an issue in auerswald
- module, a driver for Auerswald PBX/System Telephone USB devices.
- Attackers with physical access to a system's USB ports could obtain
- elevated privileges using a specially crafted USB device.
+ Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
+ module, a driver for Auerswald PBX/System Telephone USB devices. Attackers
+ with physical access to a system's USB ports could obtain elevated
+ privileges using a specially crafted USB device.
-[*]CVE-2011-0712
+CVE-2011-0712
Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
module, a USB driver for Native Instruments USB audio devices. Attackers
@@ -38,18 +38,18 @@
users to gain access to sensitive process information after execution of a
setuid binary.
-[*]CVE-2011-2209
+CVE-2011-2209
- Dan Rosenberg discovered an issue in the osf_sysinfo() system call on
- the alpha architecture. Local users could obtain access to sensitive
- kernel memory.
+ Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
+ alpha architecture. Local users could obtain access to sensitive kernel
+ memory.
-[*]CVE-2011-2211
+CVE-2011-2211
Dan Rosenberg discovered an issue in the osf_wait4() system call on the
alpha architecture permitting local users to gain elevated privileges.
-[*]CVE-2011-2213
+CVE-2011-2213
Dan Rosenberg discovered an issue in the INET socket monitoring interface.
Local users could cause a denial of service by injecting code and causing
@@ -116,8 +116,8 @@
This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768 (Debian: #633738)
-For the oldstable distribution (lenny), this problem has been fixed in
-version 2.6.26-26lenny4.
+For the oldstable distribution (lenny), this problem has been fixed in version
+2.6.26-26lenny4.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
More information about the kernel-sec-discuss
mailing list