[kernel-sec-discuss] r2951 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Tue May 14 15:43:41 UTC 2013


Author: dannf
Date: 2013-05-14 15:43:19 +0000 (Tue, 14 May 2013)
New Revision: 2951

Modified:
   dsa-texts/2.6.32-48squeeze3
Log:
various updates


Modified: dsa-texts/2.6.32-48squeeze3
===================================================================
--- dsa-texts/2.6.32-48squeeze3	2013-05-14 15:17:08 UTC (rev 2950)
+++ dsa-texts/2.6.32-48squeeze3	2013-05-14 15:43:19 UTC (rev 2951)
@@ -1,12 +1,12 @@
 ----------------------------------------------------------------------
-Debian Security Advisory DSA-XXXX-1                security at debian.org
+Debian Security Advisory DSA-2668-1                security at debian.org
 http://www.debian.org/security/                           Dann Frazier
 May 14, 2013                        http://www.debian.org/security/faq
 ----------------------------------------------------------------------
 
 Package        : linux-2.6
-Vulnerability  : privilege escalation/denial of service
-Problem type   : local
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
 Debian-specific: no
 CVE Id(s)      : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
                  CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
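Review bot: The new "Problem type   : local/remote" line does not tell the reader which issues are remotely reachable; among the entries visible in this diff only CVE-2012-3552 mentions a remote user. Consider checking that every remotely triggerable CVE entry says so explicitly, so administrators can prioritise from the per-CVE text rather than from the header alone.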
@@ -31,7 +31,7 @@
 
 CVE-2012-3552
 
-    Hafid Lin reported an issue in the IP network subsystem. A remote user
+    Hafid Lin reported an issue in the IP networking subsystem. A remote user
     can cause a denial of service (system crash) on servers running
     applications that set options on sockets which are actively being
     processed.
@@ -43,6 +43,10 @@
     access to the /dev/kvm interface can cause a system crash.
 
 CVE-2012-4508
+
+    Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
+    filesystem. Local users could gain access to sensitive kernel memory.
+
 CVE-2012-6537
 
     Mathias Krause discovered information leak issues in the Transformation
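Review bot: In the new CVE-2012-4508 entry, "Local users could gain access" uses "could" where the other entries visible here use "can" ("can cause a system crash", "Local users can gain access to sensitive kernel memory"). Suggest "can" for consistency. The entry also does not say which operations race with each other; a short clause naming them would help readers judge exposure.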
@@ -225,8 +229,8 @@
     Communication (TIPC) protocol support. Local users can gain access to
     sensitive kernel memory.
 
-For the stable distribution (squeeze), this problem has been fixed in version
-2.6.32-48squeeze3.
+For the oldstable distribution (squeeze), this problem has been fixed in
+version 2.6.32-48squeeze3.
 
 The following matrix lists additional source packages that were rebuilt for
 compatibility with or to take advantage of this update:
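Review bot: The rewritten sentence still reads "this problem has been fixed" although the header lists many CVE ids. Suggest "these problems have been fixed in version 2.6.32-48squeeze3" so the fix statement clearly covers every listed issue.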
@@ -238,6 +242,14 @@
 
 Thanks to Micah Anderson for proof reading this text.
 
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
 Further information about Debian Security Advisories, how to apply
 these updates to your system and frequently asked questions can be
 found at: http://www.debian.org/security/
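Review bot: In the added note, "linux kernel package" should be capitalised as "Linux kernel package", and "lower priority issues" should be hyphenated as "lower-priority issues" to match "low-severity" two lines earlier.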



