[kernel-sec-discuss] r2961 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Wed May 15 21:41:28 UTC 2013


Author: dannf
Date: 2013-05-15 21:41:07 +0000 (Wed, 15 May 2013)
New Revision: 2961

Modified:
   dsa-texts/3.2.41-2+deb7u2
Log:
flesh out

Modified: dsa-texts/3.2.41-2+deb7u2
===================================================================
--- dsa-texts/3.2.41-2+deb7u2	2013-05-15 21:13:01 UTC (rev 2960)
+++ dsa-texts/3.2.41-2+deb7u2	2013-05-15 21:41:07 UTC (rev 2961)
@@ -1,12 +1,12 @@
 ----------------------------------------------------------------------
-Debian Security Advisory DSA-XXXX-1                security at debian.org
+Debian Security Advisory DSA-2669-1                security at debian.org
 http://www.debian.org/security/                           Dann Frazier
 May 15, 2013                        http://www.debian.org/security/faq
 ----------------------------------------------------------------------
 
 Package        : linux
 Vulnerability  : privilege escalation/denial of service/information leak
-Problem type   : local/remote
+Problem type   : local
 Debian-specific: no
 CVE Id(s)      : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
                  CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
@@ -19,6 +19,11 @@
 Vulnerabilities and Exposures project identifies the following problems:
 
 CVE-2013-0160
+
+    vladz reported a timing leak with the /dev/ptmx character device. A local
+    user could use this to determine sensitive information such as password
+    length.
+
 CVE-2013-1796
 
     Andrew Honig of Google reported an issue in the KVM subsystem. A user in
@@ -33,6 +38,10 @@
     of service or elevated privileges.
 
 CVE-2013-1979
+
+    Andy Lutomirski reported an issue in the socket level control message
+    processing subsystem. Local users maybe able to gain eleveated privileges.
+
 CVE-2013-2015
 
     Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
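Review bot: The second sentence of the added CVE-2013-1979 paragraph has two typos: "maybe able" should be "may be able" and "eleveated" should be "elevated". Suggested wording: "Local users may be able to gain elevated privileges."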
@@ -40,7 +49,15 @@
     a denial of service (infinite loop).
 
 CVE-2013-2094
+
+    Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds
+    access vulnerability allows local users to gain elevated privileges.
+
 CVE-2013-3076
+
+    Mathias Krauss discovered an issue in the userspace interface for hash
+    algorithms. Local users can gain access to sensitive kernel memory.
+    
 CVE-2013-3222
 
     Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
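Review bot: The separator line added after the CVE-2013-3076 paragraph ("+    ") carries trailing whitespace, while the separators added for the other entries in this commit are empty lines. Drop the four spaces so the advisory text stays consistent.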
@@ -62,6 +79,11 @@
     support. Local users can gain access to sensitive kernel memory.
     
 CVE-2013-3227
+
+    Mathias Krauss discovered an issue in the Communication CPU to Application
+    CPU Interface (CAIF). Local users can gain access to sensitive kernel
+    memory.
+
 CVE-2013-3228
 
     Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
@@ -90,6 +112,10 @@
 
 CVE-2013-3301
 
+    Namhyung Kim reported an issue in the tracing subsystem. A privileged
+    local user could cause a denial of service (system crash). This
+    vulnerabililty is not applicable to Debian systems by default.
+
 For the stable distribution (wheezy), this problem has been fixed in version
 3.2.41-2+deb7u1.
 
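Review bot: The fixed-version sentence left as context at the end of this hunk still reads "3.2.41-2+deb7u1", but the file being edited is dsa-texts/3.2.41-2+deb7u2. Please confirm which version carries the fixes and update the sentence if it should say deb7u2. In the added CVE-2013-3301 paragraph, "vulnerabililty" should be "vulnerability".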
@@ -97,7 +123,7 @@
 compatibility with or to take advantage of this update:
 
                                              Debian 7.0 (wheezy)
-     user-mode-linux                         XXXX
+     user-mode-linux                         3.2-2um-1+deb7u1
 
 We recommend that you upgrade your linux and user-mode-linux packages.
 



