[kernel-sec-discuss] r3320 - dsa-texts
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Apr 16 16:07:38 UTC 2014
Author: jmm
Date: 2014-04-16 16:07:38 +0000 (Wed, 16 Apr 2014)
New Revision: 3320
Modified:
dsa-texts/2.6.32-48squeeze5
Log:
some update
Modified: dsa-texts/2.6.32-48squeeze5
===================================================================
--- dsa-texts/2.6.32-48squeeze5 2014-04-16 13:28:19 UTC (rev 3319)
+++ dsa-texts/2.6.32-48squeeze5 2014-04-16 16:07:38 UTC (rev 3320)
@@ -35,11 +35,36 @@
allowing users to gain access to sensitive kernel memory.
CVE-2013-2889
+
+ Kees Cook discovered that missing input sanitising in the HID
+ driver for Zeroplus game pads could lead to local denial of service.
+
CVE-2013-2893
+
+ Kees Cook discovered that missing input sanitising in the HID
+ driver for various Logitech force feedback devices could lead to local
+ denial of service.
+
CVE-2013-2929
+
+ Vasily Kulikov discovered that a flaw in the get_dumpable() function of
+ the ptrace subsytsem could lead to information disclosure.
+ 'fs.suid_dumpable' needs to be set to 2.
+
CVE-2013-4162
+
+ Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets
+ using the UDP_CORK option could result in denial of service.
+
CVE-2013-4299
+
+ A bug in the device mapper can lead to information disclosure.
+
CVE-2013-4345
+
+ Stephan Mueller found in bug in the ANSI pseudo random number generator
+ which could lead to the use of less entropy than expected.
+
CVE-2013-4511
CVE-2013-4512
CVE-2013-4587
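Review bot: The added sentence "'fs.suid_dumpable' needs to be set to 2." under CVE-2013-2929 reads as an instruction to the administrator, not as a condition, so a reader cannot tell whether setting the sysctl to 2 is what exposes a system or what protects it. Reword it to say explicitly which is meant. In the same entry "subsytsem" should be "subsystem", and under CVE-2013-4345 "found in bug" should be "found a bug". The CVE-2013-4299 text names neither a discoverer nor who can trigger the disclosure, unlike the neighbouring entries. CVE-2013-4511, CVE-2013-4512 and CVE-2013-4587 are still left without any description in this revision.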