[kernel-sec-discuss] r3326 - dsa-texts
Dann Frazier
dannf at moszumanska.debian.org
Fri Apr 25 00:12:39 UTC 2014
Author: dannf
Date: 2014-04-25 00:12:39 +0000 (Fri, 25 Apr 2014)
New Revision: 3326
Modified:
dsa-texts/2.6.32-48squeeze5
Log:
clean up some working; released
Modified: dsa-texts/2.6.32-48squeeze5
===================================================================
--- dsa-texts/2.6.32-48squeeze5 2014-04-24 23:46:49 UTC (rev 3325)
+++ dsa-texts/2.6.32-48squeeze5 2014-04-25 00:12:39 UTC (rev 3326)
@@ -49,7 +49,8 @@
Vasily Kulikov discovered that a flaw in the get_dumpable() function of
the ptrace subsytsem could lead to information disclosure. Only systems
- with the fs.suid_dumpable sysctl set to '2' are vulnerable.
+ with the fs.suid_dumpable sysctl set to a non-default value of '2' are
+ vulnerable.
CVE-2013-4162
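Review bot: the unchanged context line just above the edit still reads "the ptrace subsytsem", so the typo survives this wording pass; change it to "subsystem" in the same commit, since the log marks the text as released. The added "non-default value of '2'" is a useful qualifier for readers triaging exposure. It would be clearer still if the sentence told them how to check it, for example by naming /proc/sys/fs/suid_dumpable as the place to read the current setting.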
@@ -70,8 +71,9 @@
Nico Golde and Fabian Yamaguchi reported an issue in the user mode
linux port. A buffer overflow condition exists in the write method
- for the /proc/exitcode file. Local users with sufficient privilege
- to write to this file could gain elevated privileges.
+ for the /proc/exitcode file. Local users with sufficient privileges
+ allowing them to write to this file could gain further elevated
+ privileges.
CVE-2013-4587
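Review bot: the replacement sentence "Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges" is wordier than the line it replaces and stacks "sufficient privileges allowing them". Something like "Local users with write access to this file could gain further elevated privileges" states the same precondition more directly. The word "further" is the real improvement here, since it makes clear the attacker already holds some privilege, so keep that.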
@@ -110,9 +112,7 @@
from various vendors. A local user could gain elevated privileges due to
a missing privilege level check in the aac_compat_ioctl function.
-CVE-2013-7263
-CVE-2013-7264
-CVE-2013-7265
+CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
mpb reported an information leak in the recvfrom, recvmmsg and recvmsg
system calls. A local user could obtain access to sensitive kernel memory.
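Review bot: collapsing CVE-2013-7263, CVE-2013-7264 and CVE-2013-7265 onto one heading line departs from the one-ID-per-line headings used by the other entries visible in this patch (for example CVE-2014-1444 through CVE-2014-1446). If anything extracts CVE IDs from this text line by line, confirm it accepts a space-separated list. The description also lists three system calls for three IDs without saying whether they correspond one to one; a short clause stating that the IDs cover the same leak in different code paths, if that is the case, would remove the ambiguity.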
@@ -131,18 +131,18 @@
CVE-2014-1444
Salva Peiro reported an issue in the FarSync WAN driver. Local users
- with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+ with the CAP_NET_ADMIN capability could gain access to sensitive kernel
memory.
CVE-2014-1445
- Salva Peiro reported an issue in the wanXL serial card driver. Local users
- could contain access to sensitive kernel memory.
+ Salva Peiro reported an issue in the wanXL serial card driver. Local
+ users could gain access to sensitive kernel memory.
CVE-2014-1446
Salva Peiro reported an issue in the YAM radio modem driver. Local users
- with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+ with the CAP_NET_ADMIN capability could gain access to sensitive kernel
memory.
CVE-2014-1874
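Review bot: after this change the FarSync (CVE-2014-1444) and YAM (CVE-2014-1446) entries both require CAP_NET_ADMIN, while the wanXL entry (CVE-2014-1445) says only "Local users could gain access to sensitive kernel memory" with no capability stated. Please confirm that the omission is intentional and not a dropped qualifier, because it changes how readers rate the exposure of that driver. The wanXL hunk also mixes the "contain" to "gain" fix with a line rewrap, which makes the one-word correction harder to spot in review; keeping the original line break would have produced a one-line change like the other two.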
@@ -153,7 +153,7 @@
CVE-2014-2039
- Martin Schwidefsky reported an issue on s390 platforms. A local user
+ Martin Schwidefsky reported an issue on s390 systems. A local user
could cause a denial of service (kernel oops) by executing an application
with a linkage stack instruction.
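Review bot: the context lines following the "s390 systems" edit still read "executing an application with a linkage stack instruction", which can be parsed as either an application that contains such an instruction or an application launched by means of one. Since this pass is about wording, consider "by executing an application that uses a linkage stack instruction" so the trigger condition is unambiguous.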