[kernel-sec-discuss] r2948 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Mon May 13 22:49:59 UTC 2013


Author: dannf
Date: 2013-05-13 22:49:38 +0000 (Mon, 13 May 2013)
New Revision: 2948

Modified:
   dsa-texts/2.6.32-48squeeze2
Log:
sync CVE list & add text for some more descriptions


Modified: dsa-texts/2.6.32-48squeeze2
===================================================================
--- dsa-texts/2.6.32-48squeeze2	2013-05-13 07:34:48 UTC (rev 2947)
+++ dsa-texts/2.6.32-48squeeze2	2013-05-13 22:49:38 UTC (rev 2948)
@@ -8,12 +8,15 @@
 Vulnerability  : privilege escalation/denial of service
 Problem type   : local
 Debian-specific: no
-CVE Id(s)      : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-6537
-                 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542 CVE-2012-6544
-                 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548 CVE-2012-6549
-                 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767 CVE-2013-1773
-                 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1798
-                 CVE-2013-1826 CVE-2013-1860 CVE-2013-2634
+CVE Id(s)      : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
+                 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
+                 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
+                 CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
+                 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
+                 CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
+                 CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
+                 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
+                 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235
 
 Several vulnerabilities have been discovered in the Linux kernel that may lead
 to a denial of service or privilege escalation. The Common Vulnerabilities and
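Review bot: The "Vulnerability" header line and the summary sentence after the CVE list name only privilege escalation and denial of service, but the body also describes information leaks (the existing CVE-2012-6537 text and the new CVE-2013-0349 entry about access to sensitive kernel memory). Consider adding "information leak" to both so the header matches the descriptions. The re-wrapped CVE list itself is in sorted order, and every id added here has a matching heading later in the patch.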
@@ -39,6 +42,7 @@
     On systems that do not support the XSAVE feature, local users with
     access to the /dev/kvm interface can cause a system crash.
 
+CVE-2012-4508
 CVE-2012-6537
 
     Mathias Krause discovered information leak issues in the Transformation
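Review bot: The new CVE-2012-4508 heading has no description and no blank line before CVE-2012-6537, so the Mathias Krause XFRM paragraph reads as if it covers both ids. If that grouping is not intended, give CVE-2012-4508 its own paragraph or an explicit placeholder before the text is published.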
@@ -88,16 +92,79 @@
     Local users can obtain access to sensitive kernel memory.
 
 CVE-2013-0349
+
+    Anderson Lizardo discovered an issue in the Bluetooth Human Interface
+    Device Protocol (HIDP) stack. Local users can obtain access to sensitive
+    kernel memory.
+
 CVE-2013-0914
+
+    Emese Revfy discovered an issue in the signal implementation. Local
+    users maybe able to bypass the address space layout randomization (ASLR)
+    facility due to a leaking of information to child processes.
+
 CVE-2013-1767
+
+    Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
+    Local users with sufficient privilege to mount filesystems can cause
+    a denial of service or possibly elevated privileges due to a use-after-
+    free defect.
+
 CVE-2013-1773
+
+    Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
+    facility used by the VFAT filesystem. A local user could cause a buffer
+    overflow condition, resulting in a denial of service or potentially
+    elevated privileges.
+
 CVE-2013-1774
+
+    Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
+    in the driver for some serial USB devices from Inside Out Networks.
+    Local users with permission to access these devices can create a denial
+    of service (kernel oops) by causing the device to be removed while it is
+    in use.
+
 CVE-2013-1792
+
+    Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
+    in the access key retention support in the kernel. A local user could
+    cause a denial of service (NULL pointer dereference).
+
 CVE-2013-1796
+
+    Andrew Honig of Google reported an issue in the KVM subsystem. A user in
+    a guest operating system could corrupt kernel memory, resulting in a
+    denial of service.
+
 CVE-2013-1798
+
+    Andrew Honig of Google reported an issue in the KVM subsystem. A user in
+    a guest operating system could cause a denial of service due to a use-
+    after-free defect.
+    
 CVE-2013-1826
+
+    Mathias Krause discovered an issue in the Transformation (XFRM) user
+    configuration interface of the networking stack. A user with the
+    CAP_NET_ADMIN capability maybe able to gain elevated privileges.
+    
 CVE-2013-1860
+
+    
+CVE-2013-1928
+CVE-2013-1929
+CVE-2013-2015
 CVE-2013-2634
+CVE-2013-3222
+CVE-2013-3223
+CVE-2013-3224
+CVE-2013-3225
+CVE-2013-3228
+CVE-2013-3229
+CVE-2013-3231
+CVE-2013-3234
+CVE-2013-3235
 
 For the stable distribution (squeeze), this problem has been fixed in version
 2.6.32-48squeeze1.
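Review bot: "maybe able" in the new CVE-2013-0914 and CVE-2013-1826 paragraphs should be "may be able". In CVE-2013-0914, "due to a leaking of information" reads better as "due to an information leak". The added lines after the CVE-2013-1798 and CVE-2013-1826 paragraphs and under CVE-2013-1860 contain only trailing whitespace and should be empty. CVE-2013-1860 and every heading from CVE-2013-1928 through CVE-2013-3235 still have no description, so the text is not ready to send. Separately, the file is named 2.6.32-48squeeze2 while the unchanged closing sentence says the fix is in 2.6.32-48squeeze1, which is worth confirming. CVE-2013-1796 and CVE-2013-1798 describe a guest user as the attacker, which is also worth checking against the "Problem type: local" header.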



