Debian: DSA-2632-1 Critical: Linux-2.6 Privilege Escalation and DoS
debian
February 26, 2013
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation
Topics Covered
Summary
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2013-0231
Jan Beulich provided a fix for an issue in the Xen PCI backend drivers.
Users of guests on a system using passed-through PCI devices can create
a denial of service of the host system due to the use of non-ratelimited
kernel log messages.
CVE-2013-0871
Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin
and Michael Davidson of Google, discovered an issue in the
ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users can cause kernel stack corruption and execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-48squeeze1.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: linux-2.6
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!