[kernel-sec-discuss] r2951 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Tue May 14 15:43:41 UTC 2013
Author: dannf
Date: 2013-05-14 15:43:19 +0000 (Tue, 14 May 2013)
New Revision: 2951
Modified:
dsa-texts/2.6.32-48squeeze3
Log:
various updates
Modified: dsa-texts/2.6.32-48squeeze3
===================================================================
--- dsa-texts/2.6.32-48squeeze3 2013-05-14 15:17:08 UTC (rev 2950)
+++ dsa-texts/2.6.32-48squeeze3 2013-05-14 15:43:19 UTC (rev 2951)
@@ -1,12 +1,12 @@
----------------------------------------------------------------------
-Debian Security Advisory DSA-XXXX-1 security at debian.org
+Debian Security Advisory DSA-2668-1 security at debian.org
http://www.debian.org/security/ Dann Frazier
May 14, 2013 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
-Vulnerability : privilege escalation/denial of service
-Problem type : local
+Vulnerability : privilege escalation/denial of service/information leak
+Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
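Review bot: The new "Problem type : local/remote" line does not tell the reader which issue is reachable over the network. Of the entries visible in this diff, only CVE-2012-3552 mentions a remote user; the others shown describe local users. Consider naming that CVE in the summary text so administrators can prioritise it.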
@@ -31,7 +31,7 @@
CVE-2012-3552
- Hafid Lin reported an issue in the IP network subsystem. A remote user
+ Hafid Lin reported an issue in the IP networking subsystem. A remote user
can cause a denial of service (system crash) on servers running
applications that set options on sockets which are actively being
processed.
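Review bot: The CVE-2012-3552 context sentence still leaves the precondition unclear. "applications that set options on sockets which are actively being processed" does not say what the remote user has to do or how an administrator can tell whether a service is exposed. Since this entry is the one that justifies the "remote" classification, consider tightening that sentence in the same change rather than only fixing "network" to "networking".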
@@ -43,6 +43,10 @@
access to the /dev/kvm interface can cause a system crash.
CVE-2012-4508
+
+ Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
+ filesystem. Local users could gain access to sensitive kernel memory.
+
CVE-2012-6537
Mathias Krause discovered information leak issues in the Transformation
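Review bot: The new CVE-2012-4508 text says "could gain access", while the neighbouring entries use "can" (for example "Local users can gain access to sensitive kernel memory" in the TIPC entry), so align the verb. It is also worth confirming against the CVE record that an ext4 race exposes kernel memory rather than file data, because the sentence repeats the wording used for the other information-leak entries.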
@@ -225,8 +229,8 @@
Communication (TIPC) protocol support. Local users can gain access to
sensitive kernel memory.
-For the stable distribution (squeeze), this problem has been fixed in version
-2.6.32-48squeeze3.
+For the oldstable distribution (squeeze), this problem has been fixed in
+version 2.6.32-48squeeze3.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
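Review bot: "this problem has been fixed" in the reworded sentence is singular, although the CVE Id(s) field lists many issues. Suggest "these problems have been fixed in version 2.6.32-48squeeze3." while this line is being touched for the stable to oldstable change.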
@@ -238,6 +242,14 @@
Thanks to Micah Anderson for proof reading this text.
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
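Review bot: The added note says lower-priority fixes are released in a staggered fashion, but it gives the reader no way to tell which issues are still open for a given kernel. Add a pointer to where per-release status can be checked. Also capitalise "Linux" in "every linux kernel package".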