;-) solang du spaß hattest oder es zu mindest lustig war Am Sat Sep 28 01:24:02 2013 schrieb dann frazier: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ---------------------------------------------------------------------- > Debian Security Advisory DSA-2766-1 [email protected] > http://www.debian.org/security/ Dann Frazier > September 27, 2013 http://www.debian.org/security/faq > - ---------------------------------------------------------------------- > > Package : linux-2.6 > Vulnerability : privilege escalation/denial of service/information leak > Problem type : local/remote > Debian-specific: no > CVE Id(s) : CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 > CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851 > CVE-2013-2852 CVE-2013-2888 CVE-2013-2892 > > Several vulnerabilities have been discovered in the Linux kernel that may lead > to a denial of service, information leak or privilege escalation. The Common > Vulnerabilities and Exposures project identifies the following problems: > > CVE-2013-2141 > > Emese Revfy provided a fix for an information leak in the tkill and > tgkill system calls. A local user on a 64-bit system maybe able to > gain access to sensitive memory contents. > > CVE-2013-2164 > > Jonathan Salwan reported an information leak in the CD-ROM driver. A > local user on a system with a malfunctioning CD-ROM drive could gain > access to sensitive memory. > > CVE-2013-2206 > > Karl Heiss reported an issue in the Linux SCTP implementation. A remote > user could cause a denial of service (system crash). > > CVE-2013-2232 > > Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6 > subsystem. Local users could cause a denial of service by using an > AF_INET6 socket to connect to an IPv4 destination. > > CVE-2013-2234 > > Mathias Krause reported a memory leak in the implementation of PF_KEYv2 > sockets. Local users could gain access to sensitive kernel memory. > > CVE-2013-2237 > > Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2 > sockets. Local users could gain access to sensitive kernel memory. > > CVE-2013-2239 > > Jonathan Salwan discovered multiple memory leaks in the openvz kernel > flavor. Local users could gain access to sensitive kernel memory. > > CVE-2013-2851 > > Kees Cook reported an issue in the block subsystem. Local users with > uid 0 could gain elevated ring 0 privileges. This is only a security > issue for certain specially configured systems. > > CVE-2013-2852 > > Kees Cook reported an issue in the b43 network driver for certain Broadcom > wireless devices. Local users with uid 0 could gain elevated ring 0 > privileges. This is only a security issue for certain specially configured > systems. > > CVE-2013-2888 > > Kees Cook reported an issue in the HID driver subsystem. A local user, > with the ability to attach a device, could cause a denial of service > (system crash). > > CVE-2013-2892 > > Kees Cook reported an issue in the pantherlord HID device driver. Local > users with the ability to attach a device could cause a denial of service > or possibly gain elevated privileges. > > For the oldstable distribution (squeeze), this problem has been fixed in > version 2.6.32-48squeeze4. > > The following matrix lists additional source packages that were rebuilt for > compatibility with or to take advantage of this update: > > Debian 6.0 (squeeze) > user-mode-linux 2.6.32-1um-4+48squeeze4 > > We recommend that you upgrade your linux-2.6 and user-mode-linux packages. > > Note: Debian carefully tracks all known security issues across every > linux kernel package in all releases under active security support. > However, given the high frequency at which low-severity security > issues are discovered in the kernel and the resource requirements of > doing an update, updates for lower priority issues will normally not > be released for all kernels at the same time. Rather, they will be > released in a staggered or "leap-frog" fashion. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.14 (GNU/Linux) > > iQIcBAEBAgAGBQJSRhLtAAoJEBv4PF5U/IZA18oP/jpZRZu3XXN7t4GOLeH94vgg > OyKwG+EyltAjYAq4XfCjUens5SfH8BylfXITpEkq2d2AWVI/K2fsuStpDbeHLtPo > p1+x3s1xQynxQLPrnqZlOqs58iHEnKF/A9NyJHu/rAO1iA24B8hcNGPTWEL6007Z > MWqJ0avaTXtgvOk/jRumR3qVlW0fskK5uS9lIVRX/S2WWQ2LPLwJ9URLV6YGeoi5 > gyMGCMgkqiMQsGt4CTCoLjk26R/W70ed138088sZOMqHxaMlAImDClOMpnD9i/2g > XQ9mP0htmcyCdDB6I2H4QCQ6+YzAi424EL2j5b4ZX4NMjHs0sUYNfYWY/mRyg2kB > o6GI+ZRXl7N02nZw6ugFU/HTk7J2IVFbtYUf7KclJR74QkcKTSFxTOKZQp4ElZU2 > gvdL4764JK8IfW0dk+jK7uzENWfu+U1JT8t+Ta8iuLKf+dx7BDT8uX9ebfSELJxo > 5RX1OdmUcgIJsRxngPkr79QGIV13s1G/Af3dFqDGjCeOqlKS96OuatpkA45hwjEr > LSKoVRX63zePo8Ru7NH6OLNI37RGCxHOwGO5Xu0lOR7NAizQ2afvcDnKfAh7DV9D > Pg5pP9//WEYm++k872YkBkVPTCnRIasQ8kIZEk8ujWjheBCb3v0b/LNt12TcCgvp > Vjlx35M/GhQFtoUfej+v > =spE8 > -----END PGP SIGNATURE----- > >
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
