[kernel-sec-discuss] r2902 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Wed Apr 24 06:28:02 UTC 2013 

Author: dannf
Date: 2013-04-24 06:27:39 +0000 (Wed, 24 Apr 2013)
New Revision: 2902

Added:
   dsa-texts/2.6.32-48squeeze2
Log:
add new text draft

Added: dsa-texts/2.6.32-48squeeze2
===================================================================
--- dsa-texts/2.6.32-48squeeze2	                        (rev 0)
+++ dsa-texts/2.6.32-48squeeze2	2013-04-24 06:27:39 UTC (rev 2902)
@@ -0,0 +1,119 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+April XX, 2013                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service
+Problem type   : local
+Debian-specific: no
+CVE Id(s)      : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-6537
+                 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542 CVE-2012-6544
+                 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548 CVE-2012-6549
+                 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767 CVE-2013-1773
+                 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1798
+                 CVE-2013-1826 CVE-2013-1860 CVE-2013-2634
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2012-2121
+
+    Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
+    mapping of memory slots used in KVM device assignment. Local users with
+    the ability to assign devices could cause a denial of service due to a
+    memory page leak.
+
+CVE-2012-3552
+
+    Hafid Lin reported an issue in the IP network subsystem. A remote user
+    can cause a denial of service (system crash) on servers running
+    applications that set options on sockets which are actively being
+    processed.
+
+CVE-2012-4461
+
+    Jon Howell reported a denial of service issue in the KVM subsystem.
+    On systems that do not support the XSAVE feature, local users with
+    access to the /dev/kvm interface can cause a system crash.
+
+CVE-2012-6537
+
+    Mathias Krause discovered information leak issues in the Transformation
+    user configuration interface. Local users with the CAP_NET_ADMIN capability
+    can gain access to sensitive kernel memory.
+
+CVE-2012-6539
+
+    Mathias Krause discovered an issue in the networking subsystem. Local
+    users on 64-bit systems can gain access to sensitive kernel memory.
+
+CVE-2012-6540
+
+    Mathias Krause discovered an issue in the Linux virtual server subsystem.
+    Local users can gain access to sensitive kernel memory. Note: this issue
+    does not affect Debian provided kernels, but may affect custom kernels
+    built from Debian's linux-source-2.6.32 package.
+
+CVE-2012-6542
+
+    Mathias Krause discovered an issue in the LLC protocol support code.
+    Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6544
+
+    Mathias Krause discovered issues in the Bluetooth subsystem.
+    Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6545
+
+    Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
+    support. Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6546
+
+    Mathias Krause discovered issues in the ATM networking support. Local
+    users can gain access to sensitive kernel memory.
+
+CVE-2012-6548
+
+    Mathias Krause discovered an issue in the UDF file system support.
+    Local users can obtain access to sensitive kernel memory.
+
+CVE-2012-6549
+
+    Mathias Krause discovered an issue in the isofs file system support.
+    Local users can obtain access to sensitive kernel memory.
+
+CVE-2013-0349
+CVE-2013-0914
+CVE-2013-1767
+CVE-2013-1773
+CVE-2013-1774
+CVE-2013-1792
+CVE-2013-1796
+CVE-2013-1798
+CVE-2013-1826
+CVE-2013-1860
+CVE-2013-2634
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-48squeeze1.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 6.0 (squeeze)
+     user-mode-linux                         2.6.32-1um-4+48squeeze1
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Thanks to Micah Anderson for proof reading this text.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org

More information about the kernel-sec-discuss mailing list