[kernel-sec-discuss] r3324 - dsa-texts
Dann Frazier
dannf at moszumanska.debian.org
Thu Apr 24 23:38:25 UTC 2014
Author: dannf
Date: 2014-04-24 23:38:25 +0000 (Thu, 24 Apr 2014)
New Revision: 3324
Modified:
dsa-texts/2.6.32-48squeeze5
Log:
text updates
Modified: dsa-texts/2.6.32-48squeeze5
===================================================================
--- dsa-texts/2.6.32-48squeeze5 2014-04-24 22:28:39 UTC (rev 3323)
+++ dsa-texts/2.6.32-48squeeze5 2014-04-24 23:38:25 UTC (rev 3324)
@@ -1,7 +1,7 @@
----------------------------------------------------------------------
Debian Security Advisory DSA-2906-1 security at debian.org
http://www.debian.org/security/ Dann Frazier
-April 15, 2014 http://www.debian.org/security/faq
+April 24, 2014 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
@@ -25,7 +25,7 @@
George Kargiotakis reported an issue in the temporary address handling
of the IPv6 privacy extensions. Users on the same LAN can cause a denial
of service or obtain access to sensitive information by sending router
- advertisement messages that cause the temporary address generation to be
+ advertisement messages that cause temporary address generation to be
disabled.
CVE-2013-2147
@@ -36,20 +36,20 @@
CVE-2013-2889
- Kees Cook discovered that missing input sanitising in the HID
- driver for Zeroplus game pads could lead to local denial of service.
+ Kees Cook discovered missing input sanitization in the HID driver for
+ Zeroplus game pads that could lead to a local denial of service.
CVE-2013-2893
- Kees Cook discovered that missing input sanitising in the HID
- driver for various Logitech force feedback devices could lead to local
- denial of service.
+ Kees Cook discovered that missing input sanitization in the HID driver
+ for various Logitech force feedback devices could lead to a local denial
+ of service.
CVE-2013-2929
Vasily Kulikov discovered that a flaw in the get_dumpable() function of
- the ptrace subsytsem could lead to information disclosure.
- 'fs.suid_dumpable' needs to be set to 2.
+ the ptrace subsytsem could lead to information disclosure. Only systems
+ with the fs.suid_dumpable sysctl set to '2' are vulnerable.
CVE-2013-4162
@@ -58,7 +58,8 @@
CVE-2013-4299
- A bug in the device mapper can lead to information disclosure.
+ Fujitsu reported an issue in the device-mapper subsystem. Local users
+ could gain access to sensitive kernel memory.
CVE-2013-4345
@@ -127,13 +128,46 @@
A local user could cause a denial of service condition.
CVE-2014-0101
+
+ Nokia Siemens Networks reported an issue in the SCTP network protocol
+ subsystem. Remote users could cause a denial of service (NULL pointer
+ dereference).
+
CVE-2014-1444
+
+ Salva Peiro reported an issue in the FarSync WAN driver. Local users
+ with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+ memory.
+
CVE-2014-1445
+
+ Salva Peiro reported an issue in the wanXL serial card driver. Local users
+ could contain access to sensitive kernel memory.
+
CVE-2014-1446
+
+ Salva Peiro reported an issue in the YAM radio modem driver. Local users
+ with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+ memory.
+
CVE-2014-1874
+
+ Matthew Thode reported an issue in the SELinux subsystem. A local user
+ with CAP_MAC_ADMIN privileges could cause a denial of service by setting
+ an empty security context on a file.
+
CVE-2014-2039
+
+ Martin Schwidefsky reported an issue on s390 platforms. A local user
+ could cause a denial of service (kernel oops) by executing an application
+ with a linkage stack instruction.
+
CVE-2014-2523
+ Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp
+ module. Remote users could cause a denial of service (system crash)
+ or potentially gain elevated privileges.
+
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze5.
More information about the kernel-sec-discuss
mailing list