[kernel-sec-discuss] r2957 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Wed May 15 05:41:00 UTC 2013
Author: dannf
Date: 2013-05-15 05:40:38 +0000 (Wed, 15 May 2013)
New Revision: 2957
Added:
dsa-texts/3.2.41-2+deb7u1
Log:
add new text draft
Copied: dsa-texts/3.2.41-2+deb7u1 (from rev 2953, dsa-texts/2.6.32-48squeeze3)
===================================================================
--- dsa-texts/3.2.41-2+deb7u1 (rev 0)
+++ dsa-texts/3.2.41-2+deb7u1 2013-05-15 05:40:38 UTC (rev 2957)
@@ -0,0 +1,116 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security at debian.org
+http://www.debian.org/security/ Dann Frazier
+May 15, 2013 http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package : linux
+Vulnerability : privilege escalation/denial of service/information leak
+Problem type : local/remote
+Debian-specific: no
+CVE Id(s) : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
+ CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
+ CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
+ CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
+ CVE-2013-3235 CVE-2013-3301
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service, information leak or privilege escalation. The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2013-0160
+CVE-2013-1796
+
+ Andrew Honig of Google reported an issue in the KVM subsystem. A user in
+ a guest operating system could corrupt kernel memory, resulting in a
+ denial of service.
+
+CVE-2013-1929
+
+ Oded Horovitz and Brad Spengler reported an issue in the device driver for
+ Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
+ untrusted devices can create an overflow condition, resulting in a denial
+ of service or elevated privileges.
+
+CVE-2013-1979
+CVE-2013-2015
+
+ Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
+ users with the ability to mount a specially crafted filesystem can cause
+ a denial of service (infinite loop).
+
+CVE-2013-2094
+CVE-2013-3076
+CVE-2013-3222
+
+ Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
+ protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3223
+
+ Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3224
+
+ Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
+ can gain access to sensitive kernel memory.
+
+CVE-2013-3225
+
+ Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3227
+CVE-2013-3228
+
+ Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
+ support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3229
+
+ Mathias Krauss discovered an issue in the IUCV support on s390 systems.
+ Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3231
+
+ Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
+ protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3234
+
+ Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
+ protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3235
+
+ Mathias Krauss discovered an issue in the Transparent Inter Process
+ Communication (TIPC) protocol support. Local users can gain access to
+ sensitive kernel memory.
+
+CVE-2013-3301
+
+For the stable distribution (wheezy), this problem has been fixed in version
+3.2.41-2+deb7u1.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+ Debian 7.0 (wheezy)
+ user-mode-linux XXXX
+
+We recommend that you upgrade your linux and user-mode-linux packages.
+
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
More information about the kernel-sec-discuss
mailing list