
Re: [SECURITY] [DSA 2766-1] linux-2.6 security update



;-) as long as you had fun, or at least it was funny

On Sat Sep 28 01:24:02 2013, dann frazier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ----------------------------------------------------------------------
> Debian Security Advisory DSA-2766-1                security@debian.org
> http://www.debian.org/security/                           Dann Frazier
> September 27, 2013                  http://www.debian.org/security/faq
> - ----------------------------------------------------------------------
>
> Package        : linux-2.6
> Vulnerability  : privilege escalation/denial of service/information leak
> Problem type   : local/remote
> Debian-specific: no
> CVE Id(s)      : CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232
>                  CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851
>                  CVE-2013-2852 CVE-2013-2888 CVE-2013-2892
>
> Several vulnerabilities have been discovered in the Linux kernel that may lead
> to a denial of service, information leak or privilege escalation. The Common
> Vulnerabilities and Exposures project identifies the following problems:
>
> CVE-2013-2141
>
>     Emese Revfy provided a fix for an information leak in the tkill and
>     tgkill system calls. A local user on a 64-bit system may be able to
>     gain access to sensitive memory contents.
>
> CVE-2013-2164
>
>     Jonathan Salwan reported an information leak in the CD-ROM driver. A
>     local user on a system with a malfunctioning CD-ROM drive could gain
>     access to sensitive memory.
>
> CVE-2013-2206
>
>     Karl Heiss reported an issue in the Linux SCTP implementation. A remote
>     user could cause a denial of service (system crash).
>
> CVE-2013-2232
>
>     Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6
>     subsystem. Local users could cause a denial of service by using an
>     AF_INET6 socket to connect to an IPv4 destination.
>
> CVE-2013-2234
>
>     Mathias Krause reported a memory leak in the implementation of PF_KEYv2
>     sockets. Local users could gain access to sensitive kernel memory.
>
> CVE-2013-2237
>
>     Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2
>     sockets. Local users could gain access to sensitive kernel memory.
>
> CVE-2013-2239
>
>     Jonathan Salwan discovered multiple memory leaks in the openvz kernel
>     flavor. Local users could gain access to sensitive kernel memory.
>
> CVE-2013-2851
>
>     Kees Cook reported an issue in the block subsystem. Local users with
>     uid 0 could gain elevated ring 0 privileges. This is only a security
>     issue for certain specially configured systems.
>
> CVE-2013-2852
>
>     Kees Cook reported an issue in the b43 network driver for certain Broadcom
>     wireless devices. Local users with uid 0 could gain elevated ring 0
>     privileges. This is only a security issue for certain specially configured
>     systems.
>
> CVE-2013-2888
>
>     Kees Cook reported an issue in the HID driver subsystem. A local user,
>     with the ability to attach a device, could cause a denial of service
>     (system crash).
>
> CVE-2013-2892
>
>     Kees Cook reported an issue in the pantherlord HID device driver. Local
>     users with the ability to attach a device could cause a denial of service
>     or possibly gain elevated privileges.
>
> For the oldstable distribution (squeeze), this problem has been fixed in
> version 2.6.32-48squeeze4.
>
> The following matrix lists additional source packages that were rebuilt for
> compatibility with or to take advantage of this update:
>
>                                              Debian 6.0 (squeeze)
>      user-mode-linux                         2.6.32-1um-4+48squeeze4
>
> We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
>
> Note: Debian carefully tracks all known security issues across every
> linux kernel package in all releases under active security support.
> However, given the high frequency at which low-severity security
> issues are discovered in the kernel and the resource requirements of
> doing an update, updates for lower priority issues will normally not
> be released for all kernels at the same time. Rather, they will be
> released in a staggered or "leap-frog" fashion.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>

