[kernel-sec-discuss] r3322 - dsa-texts

Dann Frazier dannf at moszumanska.debian.org
Thu Apr 24 05:28:58 UTC 2014


Author: dannf
Date: 2014-04-24 05:28:58 +0000 (Thu, 24 Apr 2014)
New Revision: 3322

Modified:
   dsa-texts/2.6.32-48squeeze5
Log:
Add some text; note a couple issues that should probably not be advertised
as fixed (one was rejected, the other fix appears to be partial)


Modified: dsa-texts/2.6.32-48squeeze5
===================================================================
--- dsa-texts/2.6.32-48squeeze5	2014-04-22 07:18:08 UTC (rev 3321)
+++ dsa-texts/2.6.32-48squeeze5	2014-04-24 05:28:58 UTC (rev 3322)
@@ -66,18 +66,70 @@
     which could lead to the use of less entropy than expected.
 
 CVE-2013-4511
+
+    XXX PATCH IS MISSING CODE CHANGES TO au1[1,2]00fb.c - not sure this is
+    fixed.
+
 CVE-2013-4512
+
+    Nico Golde and Fabian Yamaguchi reported an issue in the user mode
+    linux port. A buffer overflow condition exists in the write method
+    for the /proc/exitcode file. Local users with sufficient privilege
+    to write to this file could gain elevated privileges.
+
 CVE-2013-4587
+
+    Andrew Honig of Google reported an issue in the KVM virtualization
+    subsystem. A local user could gain elevated privileges by passing
+    a large vcpu_id parameter.
+
 CVE-2013-4588
+
+    XXX THIS WAS REJECTED.
+
 CVE-2013-6367
+
+    Andrew Honig of Google reported an issue in the KVM virtualization
+    subsystem. A divide-by-zero condition could allow a guest user to
+    cause a denial of service on the host (crash).
+
 CVE-2013-6380
+
+    Mahesh Rajashekhara reported an issue in the aacraid driver for storage
+    products from various vendors. Local users with CAP_SYS_ADMIN privileges
+    could gain further elevated privileges.
+
 CVE-2013-6381
+
+    Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet
+    device support for s390 systems. Local users could cause a denial of
+    service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL
+    ioctl.
+
 CVE-2013-6382
+
+    Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.
+    Local users with CAP_SYS_ADMIN privileges could gain further elevated
+    privileges.
+
 CVE-2013-6383
+
+    Dan Carpenter reported an issue in the aacraid driver for storage devices
+    from various vendors. A local user could gain elevated privileges due to
+    a missing privilege level check in the aac_compat_ioctl function.
+
 CVE-2013-7263
 CVE-2013-7264
 CVE-2013-7265
+
+    mpb reported an information leak in the recvfrom, recvmmsg and recvmsg
+    system calls. A local user could obtain access to sensitive kernel memory.
+
 CVE-2013-7339
+
+    Sasha Levin reported an issue in the RDS network protocol over Infiniband.
+    A local user could cause a denial of service condition.
+
 CVE-2014-0101
 CVE-2014-1444
 CVE-2014-1445
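
Review bot: The XXX lines added under CVE-2013-4511 and CVE-2013-4588 are working notes placed in the advisory body, so they will go out verbatim if this file is used as the DSA text without another pass. The log message says these two should probably not be advertised as fixed, so I suggest removing both CVE ids from the list, or moving the notes out of the file, rather than leaving each id with an XXX line under it. Separately, the new entries for CVE-2013-6380 and CVE-2013-6382 say only "an issue" without naming the kind of flaw, unlike the CVE-2013-4512 and CVE-2013-6367 entries, and CVE-2014-0101, CVE-2014-1444 and CVE-2014-1445 at the end of the hunk still have no description.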



