[kernel-sec-discuss] r2902 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Wed Apr 24 06:28:02 UTC 2013
Author: dannf
Date: 2013-04-24 06:27:39 +0000 (Wed, 24 Apr 2013)
New Revision: 2902
Added:
dsa-texts/2.6.32-48squeeze2
Log:
add new text draft
Added: dsa-texts/2.6.32-48squeeze2
===================================================================
--- dsa-texts/2.6.32-48squeeze2 (rev 0)
+++ dsa-texts/2.6.32-48squeeze2 2013-04-24 06:27:39 UTC (rev 2902)
@@ -0,0 +1,119 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security at debian.org
+http://www.debian.org/security/ Dann Frazier
+April XX, 2013 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux-2.6
+Vulnerability : privilege escalation/denial of service
+Problem type : local
+Debian-specific: no
+CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-6537
+ CVE-2012-6539 CVE-2012-6540 CVE-2012-6542 CVE-2012-6544
+ CVE-2012-6545 CVE-2012-6546 CVE-2012-6548 CVE-2012-6549
+ CVE-2013-0349 CVE-2013-0914 CVE-2013-1767 CVE-2013-1773
+ CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1798
+ CVE-2013-1826 CVE-2013-1860 CVE-2013-2634
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2012-2121
+
+ Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
+ mapping of memory slots used in KVM device assignment. Local users with
+ the ability to assign devices could cause a denial of service due to a
+ memory page leak.
+
+CVE-2012-3552
+
+ Hafid Lin reported an issue in the IP network subsystem. A remote user
+ can cause a denial of service (system crash) on servers running
+ applications that set options on sockets which are actively being
+ processed.
+
+CVE-2012-4461
+
+ Jon Howell reported a denial of service issue in the KVM subsystem.
+ On systems that do not support the XSAVE feature, local users with
+ access to the /dev/kvm interface can cause a system crash.
+
+CVE-2012-6537
+
+ Mathias Krause discovered information leak issues in the Transformation
+ user configuration interface. Local users with the CAP_NET_ADMIN capability
+ can gain access to sensitive kernel memory.
+
+CVE-2012-6539
+
+ Mathias Krause discovered an issue in the networking subsystem. Local
+ users on 64-bit systems can gain access to sensitive kernel memory.
+
+CVE-2012-6540
+
+ Mathias Krause discovered an issue in the Linux virtual server subsystem.
+ Local users can gain access to sensitive kernel memory. Note: this issue
+ does not affect Debian provided kernels, but may affect custom kernels
+ built from Debian's linux-source-2.6.32 package.
+
+CVE-2012-6542
+
+ Mathias Krause discovered an issue in the LLC protocol support code.
+ Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6544
+
+ Mathias Krause discovered issues in the Bluetooth subsystem.
+ Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6545
+
+ Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2012-6546
+
+ Mathias Krause discovered issues in the ATM networking support. Local
+ users can gain access to sensitive kernel memory.
+
+CVE-2012-6548
+
+ Mathias Krause discovered an issue in the UDF file system support.
+ Local users can obtain access to sensitive kernel memory.
+
+CVE-2012-6549
+
+ Mathias Krause discovered an issue in the isofs file system support.
+ Local users can obtain access to sensitive kernel memory.
+
+CVE-2013-0349
+CVE-2013-0914
+CVE-2013-1767
+CVE-2013-1773
+CVE-2013-1774
+CVE-2013-1792
+CVE-2013-1796
+CVE-2013-1798
+CVE-2013-1826
+CVE-2013-1860
+CVE-2013-2634
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-48squeeze1.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 6.0 (squeeze)
+ user-mode-linux 2.6.32-1um-4+48squeeze1
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Thanks to Micah Anderson for proof reading this text.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
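Review bot: The fixed-version strings near the end of the draft ("2.6.32-48squeeze1" and "user-mode-linux 2.6.32-1um-4+48squeeze1") do not match the file name dsa-texts/2.6.32-48squeeze2. Confirm which upload this advisory covers and make the two agree. The eleven entries from CVE-2013-0349 through CVE-2013-2634 are bare identifiers with no description and need text before the advisory goes out. The header says "Problem type : local", but the CVE-2012-3552 entry describes a remote user causing a system crash, so the problem type likely needs to cover remote as well. Finally, "this problem has been fixed" should be plural to match "Several vulnerabilities" in the opening paragraph.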