[kernel-sec-discuss] r2598 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Sun Jan 15 18:42:17 UTC 2012
Author: dannf
Date: 2012-01-15 18:42:16 +0000 (Sun, 15 Jan 2012)
New Revision: 2598
Added:
dsa-texts/2.6.32-39squeeze1
Log:
add new text
Added: dsa-texts/2.6.32-39squeeze1
===================================================================
--- dsa-texts/2.6.32-39squeeze1 (rev 0)
+++ dsa-texts/2.6.32-39squeeze1 2012-01-15 18:42:16 UTC (rev 2598)
@@ -0,0 +1,97 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security at debian.org
+http://www.debian.org/security/ Dann Frazier
+January XX, 2012 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service/information leak
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353
+ CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611
+ CVE-2011-4622 CVE-2011-4914
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2011-2183
+
+ Andrea Righi reported an issue in KSM, a memory-saving de-duplication
+ feature. By exploiting a race with exiting tasks, local users can cause
+ a kernel oops, resulting in a denial of service.
+
+CVE-2011-2213
+
+ Dan Rosenberg discovered an issue in the INET socket monitoring interface.
+ Local users could cause a denial of service by injecting code and causing
+ the kernel to execute an infinite loop.
+
+CVE-2011-2898
+
+ Eric Dumazet reported an information leak in the raw packet socket
+ implementation.
+
+CVE-2011-3353
+
+ Han-Wen Nienhuys reported a local denial of service issue issue in the FUSE
+ (Filesystem in Userspace) support in the linux kernel. Local users could
+ cause a buffer overflow, leading to a kernel oops and resulting in a denial
+ of service.
+
+CVE-2011-4077
+
+ Carlos Maiolino reported an issue in the XFS filesystem. A local user
+ with the ability to mount a filesystem could corrupt memory resulting
+ in a denial of service or possibly gain elevated privileges.
+
+CVE-2011-4110
+
+ David Howells reported an issue in the kernel's access key retention
+ system which allow local users to cause a kernel oops leading to a denial
+ of service.
+
+CVE-2011-4127
+
+ Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough
+ support for SCSI devices. Users with permission to access restricted
+ portions of a device (e.g. a partition or a logical volume) can obtain
+ access to the entire device by way of the SG_IO ioctl. This could be
+ exploited by a local user or privileged VM guest to achieve a privilege
+ escalation.
+
+CVE-2011-4611
+
+ Maynard Johnson reported an issue with the perf support on POWER7 systems
+ that allows local users to cause a denial of service.
+
+CVE-2011-4622
+
+ Jan Kiszka reported an issue in the KVM PIT timer support. Local users
+ with the permission to use KVM can cause a denial of service by starting
+ a PIT timer without first setting up the irqchip.
+
+CVE-2011-4914
+
+ Ben Hutchings reported various bounds checking issues within the ROSE
+ protocol support in the kernel. Remote users could possibly use this
+ to gain access to sensitive memory or cause a denial of service.
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution
+(lenny) will be available soon.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 6.0 (squeeze)
+ user-mode-linux 2.6.32-1um-4+39squeeze1
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
More information about the kernel-sec-discuss
mailing list