-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2668-1                security@debian.org
http://www.debian.org/security/                           Dann Frazier
May 14, 2013                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
                 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
                 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
                 CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
                 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
                 CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
                 CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
                 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
                 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-2121

    Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
    mapping of memory slots used in KVM device assignment. Local users with
    the ability to assign devices could cause a denial of service due to a
    memory page leak.

CVE-2012-3552

    Hafid Lin reported an issue in the IP networking subsystem. A remote user
    can cause a denial of service (system crash) on servers running
    applications that set options on sockets which are actively being
    processed.

CVE-2012-4461

    Jon Howell reported a denial of service issue in the KVM subsystem.
    On systems that do not support the XSAVE feature, local users with
    access to the /dev/kvm interface can cause a system crash.

CVE-2012-4508

    Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
    filesystem. Local users could gain access to sensitive kernel memory.

CVE-2012-6537

    Mathias Krause discovered information leak issues in the Transformation
    user configuration interface. Local users with the CAP_NET_ADMIN capability
    can gain access to sensitive kernel memory.

CVE-2012-6539

    Mathias Krause discovered an issue in the networking subsystem. Local
    users on 64-bit systems can gain access to sensitive kernel memory.

CVE-2012-6540

    Mathias Krause discovered an issue in the Linux virtual server subsystem.
    Local users can gain access to sensitive kernel memory. Note: this issue
    does not affect Debian provided kernels, but may affect custom kernels
    built from Debian's linux-source-2.6.32 package.

CVE-2012-6542

    Mathias Krause discovered an issue in the LLC protocol support code.
    Local users can gain access to sensitive kernel memory.

CVE-2012-6544

    Mathias Krause discovered issues in the Bluetooth subsystem.
    Local users can gain access to sensitive kernel memory.

CVE-2012-6545

    Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
    support. Local users can gain access to sensitive kernel memory.

CVE-2012-6546

    Mathias Krause discovered issues in the ATM networking support. Local
    users can gain access to sensitive kernel memory.

CVE-2012-6548

    Mathias Krause discovered an issue in the UDF file system support.
    Local users can obtain access to sensitive kernel memory.

CVE-2012-6549

    Mathias Krause discovered an issue in the isofs file system support.
    Local users can obtain access to sensitive kernel memory.

CVE-2013-0349

    Anderson Lizardo discovered an issue in the Bluetooth Human Interface
    Device Protocol (HIDP) stack. Local users can obtain access to sensitive
    kernel memory.

CVE-2013-0914

    Emese Revfy discovered an issue in the signal implementation. Local
    users maybe able to bypass the address space layout randomization (ASLR)
    facility due to a leaking of information to child processes.

CVE-2013-1767

    Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
    Local users with sufficient privilege to mount filesystems can cause
    a denial of service or possibly elevated privileges due to a use-after-
    free defect.

CVE-2013-1773

    Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
    facility used by the VFAT filesystem. A local user could cause a buffer
    overflow condition, resulting in a denial of service or potentially
    elevated privileges.

CVE-2013-1774

    Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
    in the driver for some serial USB devices from Inside Out Networks.
    Local users with permission to access these devices can create a denial
    of service (kernel oops) by causing the device to be removed while it is
    in use.

CVE-2013-1792

    Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
    in the access key retention support in the kernel. A local user could
    cause a denial of service (NULL pointer dereference).

CVE-2013-1796

    Andrew Honig of Google reported an issue in the KVM subsystem. A user in
    a guest operating system could corrupt kernel memory, resulting in a
    denial of service.

CVE-2013-1798

    Andrew Honig of Google reported an issue in the KVM subsystem. A user in
    a guest operating system could cause a denial of service due to a use-
    after-free defect.
    
CVE-2013-1826

    Mathias Krause discovered an issue in the Transformation (XFRM) user
    configuration interface of the networking stack. A user with the
    CAP_NET_ADMIN capability maybe able to gain elevated privileges.
    
CVE-2013-1860

    Oliver Neukum discovered an issue in the USB CDC WCM Device Management
    driver. Local users with the ability to attach devices can cause a
    denial of service (kernel crash) or potentially gain elevated privileges.

CVE-2013-1928

    Kees Cook provided a fix for an information leak in the
    VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
    kernel. Local users can gain access to sensitive kernel memory.

CVE-2013-1929

    Oded Horovitz and Brad Spengler reported an issue in the device driver for
    Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
    untrusted devices can create an overflow condition, resulting in a denial
    of service or elevated privileges.

CVE-2013-2015

    Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
    users with the ability to mount a specially crafted filesystem can cause
    a denial of service (infinite loop).

CVE-2013-2634

    Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
    netlink interface. Local users can gain access to sensitive kernel memory.

CVE-2013-3222

    Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
    protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3223

    Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
    support. Local users can gain access to sensitive kernel memory.

CVE-2013-3224

    Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users    can gain access to sensitive kernel memory.

CVE-2013-3225

    Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
    support. Local users can gain access to sensitive kernel memory.
    
CVE-2013-3228

    Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
    support. Local users can gain access to sensitive kernel memory.

CVE-2013-3229

    Mathias Krauss discovered an issue in the IUCV support on s390 systems.
    Local users can gain access to sensitive kernel memory.

CVE-2013-3231

    Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
    protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3234

    Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
    protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3235

    Mathias Krauss discovered an issue in the Transparent Inter Process
    Communication (TIPC) protocol support. Local users can gain access to
    sensitive kernel memory.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze3.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                             Debian 6.0 (squeeze)
     user-mode-linux                         2.6.32-1um-4+48squeeze3

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-2668-1: linux-2.6 security update

May 14, 2013
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation

Summary

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-2121

Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
mapping of memory slots used in KVM device assignment. Local users with
the ability to assign devices could cause a denial of service due to a
memory page leak.

CVE-2012-3552

Hafid Lin reported an issue in the IP networking subsystem. A remote user
can cause a denial of service (system crash) on servers running
applications that set options on sockets which are actively being
processed.

CVE-2012-4461

Jon Howell reported a denial of service issue in the KVM subsystem.
On systems that do not support the XSAVE feature, local users with
access to the /dev/kvm interface can cause a system crash.

CVE-2012-4508

Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
filesystem. Local users could gain access to sensitive kernel memory.

CVE-2012-6537

Mathias Krause discovered information leak issues in the Transformation
user configuration interface. Local users with the CAP_NET_ADMIN capability
can gain access to sensitive kernel memory.

CVE-2012-6539

Mathias Krause discovered an issue in the networking subsystem. Local
users on 64-bit systems can gain access to sensitive kernel memory.

CVE-2012-6540

Mathias Krause discovered an issue in the Linux virtual server subsystem.
Local users can gain access to sensitive kernel memory. Note: this issue
does not affect Debian provided kernels, but may affect custom kernels
built from Debian's linux-source-2.6.32 package.

CVE-2012-6542

Mathias Krause discovered an issue in the LLC protocol support code.
Local users can gain access to sensitive kernel memory.

CVE-2012-6544

Mathias Krause discovered issues in the Bluetooth subsystem.
Local users can gain access to sensitive kernel memory.

CVE-2012-6545

Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2012-6546

Mathias Krause discovered issues in the ATM networking support. Local
users can gain access to sensitive kernel memory.

CVE-2012-6548

Mathias Krause discovered an issue in the UDF file system support.
Local users can obtain access to sensitive kernel memory.

CVE-2012-6549

Mathias Krause discovered an issue in the isofs file system support.
Local users can obtain access to sensitive kernel memory.

CVE-2013-0349

Anderson Lizardo discovered an issue in the Bluetooth Human Interface
Device Protocol (HIDP) stack. Local users can obtain access to sensitive
kernel memory.

CVE-2013-0914

Emese Revfy discovered an issue in the signal implementation. Local
users maybe able to bypass the address space layout randomization (ASLR)
facility due to a leaking of information to child processes.

CVE-2013-1767

Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
Local users with sufficient privilege to mount filesystems can cause
a denial of service or possibly elevated privileges due to a use-after-
free defect.

CVE-2013-1773

Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
facility used by the VFAT filesystem. A local user could cause a buffer
overflow condition, resulting in a denial of service or potentially
elevated privileges.

CVE-2013-1774

Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
in the driver for some serial USB devices from Inside Out Networks.
Local users with permission to access these devices can create a denial
of service (kernel oops) by causing the device to be removed while it is
in use.

CVE-2013-1792

Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
in the access key retention support in the kernel. A local user could
cause a denial of service (NULL pointer dereference).

CVE-2013-1796

Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could corrupt kernel memory, resulting in a
denial of service.

CVE-2013-1798

Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could cause a denial of service due to a use-
after-free defect.

CVE-2013-1826

Mathias Krause discovered an issue in the Transformation (XFRM) user
configuration interface of the networking stack. A user with the
CAP_NET_ADMIN capability maybe able to gain elevated privileges.

CVE-2013-1860

Oliver Neukum discovered an issue in the USB CDC WCM Device Management
driver. Local users with the ability to attach devices can cause a
denial of service (kernel crash) or potentially gain elevated privileges.

CVE-2013-1928

Kees Cook provided a fix for an information leak in the
VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
kernel. Local users can gain access to sensitive kernel memory.

CVE-2013-1929

Oded Horovitz and Brad Spengler reported an issue in the device driver for
Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
untrusted devices can create an overflow condition, resulting in a denial
of service or elevated privileges.

CVE-2013-2015

Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
users with the ability to mount a specially crafted filesystem can cause
a denial of service (infinite loop).

CVE-2013-2634

Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
netlink interface. Local users can gain access to sensitive kernel memory.

CVE-2013-3222

Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3223

Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3224

Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory.

CVE-2013-3225

Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3228

Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3229

Mathias Krauss discovered an issue in the IUCV support on s390 systems.
Local users can gain access to sensitive kernel memory.

CVE-2013-3231

Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3234

Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3235

Mathias Krauss discovered an issue in the Transparent Inter Process
Communication (TIPC) protocol support. Local users can gain access to
sensitive kernel memory.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze3.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze3

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up