[kernel-sec-discuss] r3322 - dsa-texts
Dann Frazier
dannf at moszumanska.debian.org
Thu Apr 24 05:28:58 UTC 2014
Author: dannf
Date: 2014-04-24 05:28:58 +0000 (Thu, 24 Apr 2014)
New Revision: 3322
Modified:
dsa-texts/2.6.32-48squeeze5
Log:
Add some text; note a couple issues that should probably not be advertised
as fixed (one was rejected, the other fix appears to be partial)
Modified: dsa-texts/2.6.32-48squeeze5
===================================================================
--- dsa-texts/2.6.32-48squeeze5 2014-04-22 07:18:08 UTC (rev 3321)
+++ dsa-texts/2.6.32-48squeeze5 2014-04-24 05:28:58 UTC (rev 3322)
@@ -66,18 +66,70 @@
which could lead to the use of less entropy than expected.
CVE-2013-4511
+
+ XXX PATCH IS MISSING CODE CHANGES TO au1[1,2]00fb.c - not sure this is
+ fixed.
+
CVE-2013-4512
+
+ Nico Golde and Fabian Yamaguchi reported an issue in the user mode
+ linux port. A buffer overflow condition exists in the write method
+ for the /proc/exitcode file. Local users with sufficient privilege
+ to write to this file could gain elevated privileges.
+
CVE-2013-4587
+
+ Andrew Honig of Google reported an issue in the KVM virtualization
+ subsystem. A local user could gain elevated privileges by passing
+ a large vcpu_id parameter.
+
CVE-2013-4588
+
+ XXX THIS WAS REJECTED.
+
CVE-2013-6367
+
+ Andrew Honig of Google reported an issue in the KVM virtualization
+ subsystem. A divide-by-zero condition could allow a guest user to
+ cause a denial of service on the host (crash).
+
CVE-2013-6380
+
+ Mahesh Rajashekhara reported an issue in the aacraid driver for storage
+ products from various vendors. Local users with CAP_SYS_ADMIN privileges
+ could gain further elevated privileges.
+
CVE-2013-6381
+
+ Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet
+ device support for s390 systems. Local users could cause a denial of
+ service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL
+ ioctl.
+
CVE-2013-6382
+
+ Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.
+ Local users with CAP_SYS_ADMIN privileges could gain further elevated
+ privileges.
+
CVE-2013-6383
+
+ Dan Carpenter reported an issue in the aacraid driver for storage devices
+ from various vendors. A local user could gain elevated privileges due to
+ a missing privilege level check in the aac_compat_ioctl function.
+
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
+
+ mpb reported an information leak in the recvfrom, recvmmsg and recvmsg
+ system calls. A local user could obtain access to sensitive kernel memory.
+
CVE-2013-7339
+
+ Sasha Levin reported an issue in the RDS network protocol over Infiniband.
+ A local user could cause a denial of service condition.
+
CVE-2014-0101
CVE-2014-1444
CVE-2014-1445
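Review bot: The XXX markers under CVE-2013-4511 and CVE-2013-4588 are editor notes sitting where advisory descriptions belong, and both IDs remain in the CVE list, so the text cannot be published as it stands. For CVE-2013-4588, which the note marks as rejected, drop the ID line from the list rather than annotating it. For CVE-2013-4511, either confirm that the au1[1,2]00fb.c changes are in the packaged patch or remove the entry, and spell out the affected file names instead of the bracket shorthand. Smaller points: the two aacraid entries (CVE-2013-6380 and CVE-2013-6383) describe the same driver once as "storage products" and once as "storage devices", so pick one wording; the CVE-2013-4587 entry does not say which interface takes the vcpu_id parameter; and CVE-2014-0101, CVE-2014-1444 and CVE-2014-1445 still have no description after this revision.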