[kernel-sec-discuss] r3326 - dsa-texts

Dann Frazier dannf at moszumanska.debian.org
Fri Apr 25 00:12:39 UTC 2014


Author: dannf
Date: 2014-04-25 00:12:39 +0000 (Fri, 25 Apr 2014)
New Revision: 3326

Modified:
   dsa-texts/2.6.32-48squeeze5
Log:
clean up some working; released

Modified: dsa-texts/2.6.32-48squeeze5
===================================================================
--- dsa-texts/2.6.32-48squeeze5	2014-04-24 23:46:49 UTC (rev 3325)
+++ dsa-texts/2.6.32-48squeeze5	2014-04-25 00:12:39 UTC (rev 3326)
@@ -49,7 +49,8 @@
 
     Vasily Kulikov discovered that a flaw in the get_dumpable() function of
     the ptrace subsytsem could lead to information disclosure. Only systems
-    with the fs.suid_dumpable sysctl set to '2' are vulnerable.
+    with the fs.suid_dumpable sysctl set to a non-default value of '2' are
+    vulnerable.
 
 CVE-2013-4162
 
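Review bot: the unchanged context line directly above this edit still reads "ptrace subsytsem", which should be "subsystem". Since this revision is a wording cleanup that touches the same paragraph, fix that typo in the same pass.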
@@ -70,8 +71,9 @@
 
     Nico Golde and Fabian Yamaguchi reported an issue in the user mode
     linux port. A buffer overflow condition exists in the write method
-    for the /proc/exitcode file. Local users with sufficient privilege
-    to write to this file could gain elevated privileges.
+    for the /proc/exitcode file. Local users with sufficient privileges
+    allowing them to write to this file could gain further elevated
+    privileges.
 
 CVE-2013-4587
 
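Review bot: the rewritten /proc/exitcode sentence now uses "privileges" twice ("with sufficient privileges allowing them to write to this file could gain further elevated privileges") and reads more heavily than the line it replaces. Something like "Local users able to write to this file could gain further elevated privileges" keeps the added "further" and states the precondition once.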
@@ -110,9 +112,7 @@
     from various vendors. A local user could gain elevated privileges due to
     a missing privilege level check in the aac_compat_ioctl function.
 
-CVE-2013-7263
-CVE-2013-7264
-CVE-2013-7265
+CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
 
     mpb reported an information leak in the recvfrom, recvmmsg and recvmsg
     system calls. A local user could obtain access to sensitive kernel memory.
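Review bot: joining CVE-2013-7263, CVE-2013-7264 and CVE-2013-7265 onto one heading line is a format change rather than a wording change, and the log message does not mention it. Every other entry visible in this diff has a single ID on its heading line, so either note in the log that IDs sharing one description are grouped on one line, or keep one ID per line.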
@@ -131,18 +131,18 @@
 CVE-2014-1444
 
     Salva Peiro reported an issue in the FarSync WAN driver. Local users
-    with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+    with the CAP_NET_ADMIN capability could gain access to sensitive kernel
     memory.
 
 CVE-2014-1445
 
-    Salva Peiro reported an issue in the wanXL serial card driver. Local users
-    could contain access to sensitive kernel memory.
+    Salva Peiro reported an issue in the wanXL serial card driver. Local
+    users could gain access to sensitive kernel memory.
 
 CVE-2014-1446
 
     Salva Peiro reported an issue in the YAM radio modem driver. Local users
-    with the CAP_NET_ADMIN capability could contain access to sensitive kernel
+    with the CAP_NET_ADMIN capability could gain access to sensitive kernel
     memory.
 
 CVE-2014-1874
@@ -153,7 +153,7 @@
     
 CVE-2014-2039
 
-    Martin Schwidefsky reported an issue on s390 platforms. A local user
+    Martin Schwidefsky reported an issue on s390 systems. A local user
     could cause a denial of service (kernel oops) by executing an application
     with a linkage stack instruction.
 



