[kernel-sec-discuss] r2818 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Sun Feb 24 22:44:42 UTC 2013


Author: dannf
Date: 2013-02-24 22:44:21 +0000 (Sun, 24 Feb 2013)
New Revision: 2818

Added:
   dsa-texts/2.6.32-48squeeze1
Log:
new text


Added: dsa-texts/2.6.32-48squeeze1
===================================================================
--- dsa-texts/2.6.32-48squeeze1	                        (rev 0)
+++ dsa-texts/2.6.32-48squeeze1	2013-02-24 22:44:21 UTC (rev 2818)
@@ -0,0 +1,46 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+February 25, 2013                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service
+Problem type   : local
+Debian-specific: no
+CVE Id(s)      : CVE-2013-0231 CVE-2013-0871
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2013-0231
+
+    Jan Beulich provided a fix for an issue in the Xen PCI backend drivers.
+    Users of guests on a system using passed-through PCI devices can create
+    a denial of service of the host system due to the use of non-ratelimited
+    kernel log messages.
+
+CVE-2013-0871
+
+    Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin
+    and Michael Davidson of Google, discovered an issue in the
+    ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users
+    can cause kernel stack corruption and execution of arbitrary code.
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-48squeeze1.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 6.0 (squeeze)
+     user-mode-linux                         2.6.32-1um-4+48squeeze1
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
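
Review bot: The fixed-version sentence near the end of the advisory ("For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze1.") uses the singular, but the CVE Id(s) field and the body list two issues, CVE-2013-0231 and CVE-2013-0871. Suggest "these problems have been fixed" so it is unambiguous that the version covers both. The header also still carries the placeholder "DSA-XXXX-1", which needs the assigned advisory number before the text is sent. The header date reads February 25, 2013 while the commit is dated 2013-02-24, so confirm it matches the intended release date.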