[kernel-sec-discuss] r2960 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Wed May 15 21:13:24 UTC 2013


Author: dannf
Date: 2013-05-15 21:13:01 +0000 (Wed, 15 May 2013)
New Revision: 2960

Added:
   dsa-texts/3.2.41-2+deb7u2
Removed:
   dsa-texts/3.2.41-2+deb7u1
Log:
rename to reflect version number

Deleted: dsa-texts/3.2.41-2+deb7u1
===================================================================
--- dsa-texts/3.2.41-2+deb7u1	2013-05-15 07:21:10 UTC (rev 2959)
+++ dsa-texts/3.2.41-2+deb7u1	2013-05-15 21:13:01 UTC (rev 2960)
@@ -1,116 +0,0 @@
-----------------------------------------------------------------------
-Debian Security Advisory DSA-XXXX-1                security at debian.org
-http://www.debian.org/security/                           Dann Frazier
-May 15, 2013                        http://www.debian.org/security/faq
-----------------------------------------------------------------------
-
-Package        : linux
-Vulnerability  : privilege escalation/denial of service/information leak
-Problem type   : local/remote
-Debian-specific: no
-CVE Id(s)      : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
-                 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
-                 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
-                 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
-                 CVE-2013-3235 CVE-2013-3301
-
-Several vulnerabilities have been discovered in the Linux kernel that may lead
-to a denial of service, information leak or privilege escalation. The Common
-Vulnerabilities and Exposures project identifies the following problems:
-
-CVE-2013-0160
-CVE-2013-1796
-
-    Andrew Honig of Google reported an issue in the KVM subsystem. A user in
-    a guest operating system could corrupt kernel memory, resulting in a
-    denial of service.
-
-CVE-2013-1929
-
-    Oded Horovitz and Brad Spengler reported an issue in the device driver for
-    Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
-    untrusted devices can create an overflow condition, resulting in a denial
-    of service or elevated privileges.
-
-CVE-2013-1979
-CVE-2013-2015
-
-    Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
-    users with the ability to mount a specially crafted filesystem can cause
-    a denial of service (infinite loop).
-
-CVE-2013-2094
-CVE-2013-3076
-CVE-2013-3222
-
-    Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
-    protocol support. Local users can gain access to sensitive kernel memory.
-
-CVE-2013-3223
-
-    Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
-    support. Local users can gain access to sensitive kernel memory.
-
-CVE-2013-3224
-
-    Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
-    can gain access to sensitive kernel memory.
-
-CVE-2013-3225
-
-    Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
-    support. Local users can gain access to sensitive kernel memory.
-    
-CVE-2013-3227
-CVE-2013-3228
-
-    Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
-    support. Local users can gain access to sensitive kernel memory.
-
-CVE-2013-3229
-
-    Mathias Krauss discovered an issue in the IUCV support on s390 systems.
-    Local users can gain access to sensitive kernel memory.
-
-CVE-2013-3231
-
-    Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
-    protocol support. Local users can gain access to sensitive kernel memory.
-
-CVE-2013-3234
-
-    Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
-    protocol support. Local users can gain access to sensitive kernel memory.
-
-CVE-2013-3235
-
-    Mathias Krauss discovered an issue in the Transparent Inter Process
-    Communication (TIPC) protocol support. Local users can gain access to
-    sensitive kernel memory.
-
-CVE-2013-3301
-
-For the stable distribution (wheezy), this problem has been fixed in version
-3.2.41-2+deb7u1.
-
-The following matrix lists additional source packages that were rebuilt for
-compatibility with or to take advantage of this update:
-
-                                             Debian 7.0 (wheezy)
-     user-mode-linux                         XXXX
-
-We recommend that you upgrade your linux and user-mode-linux packages.
-
-Note: Debian carefully tracks all known security issues across every
-linux kernel package in all releases under active security support.
-However, given the high frequency at which low-severity security
-issues are discovered in the kernel and the resource requirements of
-doing an update, updates for lower priority issues will normally not
-be released for all kernels at the same time. Rather, they will be
-released in a staggered or "leap-frog" fashion.
-
-Further information about Debian Security Advisories, how to apply
-these updates to your system and frequently asked questions can be
-found at: http://www.debian.org/security/
-
-Mailing list: debian-security-announce at lists.debian.org
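Review bot: The removed dsa-texts/3.2.41-2+deb7u1 is shown at rev 2959 in the `---` header, while the replacement is recorded as copied "from rev 2957". If the file was touched in rev 2958 or 2959, confirm that those edits are carried into the new file, since a copy taken from the older revision would drop them.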

Copied: dsa-texts/3.2.41-2+deb7u2 (from rev 2957, dsa-texts/3.2.41-2+deb7u1)
===================================================================
--- dsa-texts/3.2.41-2+deb7u2	                        (rev 0)
+++ dsa-texts/3.2.41-2+deb7u2	2013-05-15 21:13:01 UTC (rev 2960)
@@ -0,0 +1,116 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+May 15, 2013                        http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
+                 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
+                 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
+                 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
+                 CVE-2013-3235 CVE-2013-3301
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service, information leak or privilege escalation. The Common
+Vulnerabilities and Exposures project identifies the following problems:
+
+CVE-2013-0160
+CVE-2013-1796
+
+    Andrew Honig of Google reported an issue in the KVM subsystem. A user in
+    a guest operating system could corrupt kernel memory, resulting in a
+    denial of service.
+
+CVE-2013-1929
+
+    Oded Horovitz and Brad Spengler reported an issue in the device driver for
+    Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
+    untrusted devices can create an overflow condition, resulting in a denial
+    of service or elevated privileges.
+
+CVE-2013-1979
+CVE-2013-2015
+
+    Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
+    users with the ability to mount a specially crafted filesystem can cause
+    a denial of service (infinite loop).
+
+CVE-2013-2094
+CVE-2013-3076
+CVE-2013-3222
+
+    Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
+    protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3223
+
+    Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
+    support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3224
+
+    Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
+    can gain access to sensitive kernel memory.
+
+CVE-2013-3225
+
+    Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
+    support. Local users can gain access to sensitive kernel memory.
+    
+CVE-2013-3227
+CVE-2013-3228
+
+    Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
+    support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3229
+
+    Mathias Krauss discovered an issue in the IUCV support on s390 systems.
+    Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3231
+
+    Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
+    protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3234
+
+    Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
+    protocol support. Local users can gain access to sensitive kernel memory.
+
+CVE-2013-3235
+
+    Mathias Krauss discovered an issue in the Transparent Inter Process
+    Communication (TIPC) protocol support. Local users can gain access to
+    sensitive kernel memory.
+
+CVE-2013-3301
+
+For the stable distribution (wheezy), this problem has been fixed in version
+3.2.41-2+deb7u1.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 7.0 (wheezy)
+     user-mode-linux                         XXXX
+
+We recommend that you upgrade your linux and user-mode-linux packages.
+
+Note: Debian carefully tracks all known security issues across every
+linux kernel package in all releases under active security support.
+However, given the high frequency at which low-severity security
+issues are discovered in the kernel and the resource requirements of
+doing an update, updates for lower priority issues will normally not
+be released for all kernels at the same time. Rather, they will be
+released in a staggered or "leap-frog" fashion.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
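Review bot: The sentence "this problem has been fixed in version 3.2.41-2+deb7u1" near the end of the added text no longer matches the new file name dsa-texts/3.2.41-2+deb7u2, even though the log says the rename is to reflect the version number; the fixed version in the body should be updated to the one actually being announced. That sentence also says "this problem" although the header lists eighteen CVE IDs. CVE-2013-3301 runs straight into that paragraph with no description, and CVE-2013-0160, CVE-2013-1979, CVE-2013-2094, CVE-2013-3076 and CVE-2013-3227 are bare IDs stacked above another entry, so it is unclear which description, if any, applies to them. The DSA-XXXX-1 number and the user-mode-linux XXXX version are still placeholders and need filling in before the text is sent.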



