[kernel-sec-discuss] r2949 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Tue May 14 15:16:47 UTC 2013
Author: dannf
Date: 2013-05-14 15:16:24 +0000 (Tue, 14 May 2013)
New Revision: 2949
Modified:
dsa-texts/2.6.32-48squeeze2
Log:
flesh out descriptions, update metadata
Modified: dsa-texts/2.6.32-48squeeze2
===================================================================
--- dsa-texts/2.6.32-48squeeze2 2013-05-13 22:49:38 UTC (rev 2948)
+++ dsa-texts/2.6.32-48squeeze2 2013-05-14 15:16:24 UTC (rev 2949)
@@ -1,7 +1,7 @@
----------------------------------------------------------------------
Debian Security Advisory DSA-XXXX-1 security at debian.org
http://www.debian.org/security/ Dann Frazier
-April XX, 2013 http://www.debian.org/security/faq
+May 14, 2013 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
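Review bot: the header line still carries the placeholder "DSA-XXXX-1" even though this hunk fixes the date at May 14, 2013. If the text is now close to release, the advisory number should be assigned in the same pass so the two header fields do not go out of sync.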
@@ -151,29 +151,88 @@
CVE-2013-1860
-
+ Oliver Neukum discovered an issue in the USB CDC WCM Device Management
+ driver. Local users with the ability to attach devices can cause a
+ denial of service (kernel crash) or potentially gain elevated privileges.
+
CVE-2013-1928
+
+ Kees Cook provided a fix for an information leak in the
+ VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
+ kernel. Local users can gain access to sensitive kernel memory.
+
CVE-2013-1929
+
+ Oded Horovitz and Brad Spengler reported an issue in the device driver for
+ Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
+ untrusted devices can create an overflow condition, resulting in a denial
+ of service or elevated privileges.
+
CVE-2013-2015
+
+ Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
+ users with the ability to mount a specially crafted filesystem can cause
+ a denial of service (infinite loop).
+
CVE-2013-2634
+
+ Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
+ netlink interface. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3222
+
+ Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
+ protocol support. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3223
+
+ Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
+ support. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3224
+
+ Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
+ can gain access to sensitive kernel memory.
+
CVE-2013-3225
+
+ Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
+ support. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3228
+
+ Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
+ support. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3229
+
+ Mathias Krauss discovered an issue in the IUCV support on s390 systems.
+ Local users can gain access to sensitive kernel memory.
+
CVE-2013-3231
+
+ Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
+ protocol support. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3234
+
+ Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
+ protocol support. Local users can gain access to sensitive kernel memory.
+
CVE-2013-3235
+ Mathias Krauss discovered an issue in the Transparent Inter Process
+ Communication (TIPC) protocol support. Local users can gain access to
+ sensitive kernel memory.
+
For the stable distribution (squeeze), this problem has been fixed in version
-2.6.32-48squeeze1.
+2.6.32-48squeeze3.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
- user-mode-linux 2.6.32-1um-4+48squeeze1
+ user-mode-linux 2.6.32-1um-4+48squeeze3
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
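Review bot: the reporter's name is spelled two ways in the added descriptions: "Mathias Krause" under CVE-2013-2634 and "Mathias Krauss" under CVE-2013-3222 through CVE-2013-3235. Pick the correct spelling and use it throughout. Also, the fixed version is bumped to 2.6.32-48squeeze3 (and user-mode-linux to 2.6.32-1um-4+48squeeze3) while the file is still named dsa-texts/2.6.32-48squeeze2, so confirm which upload this text describes. The CVE-2013-3235 entry lacks the blank line between the identifier and its description that every other entry has, and the unchanged sentence "this problem has been fixed" reads oddly now that the advisory lists many issues.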