Debian: DSA-2766-1: linux-2.6 security update

    Date27 Sep 2013
    CategoryDebian
    33
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ----------------------------------------------------------------------
    Debian Security Advisory DSA-2766-1                This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Dann Frazier
    September 27, 2013                  http://www.debian.org/security/faq
    - ----------------------------------------------------------------------
    
    Package        : linux-2.6
    Vulnerability  : privilege escalation/denial of service/information leak
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232
                     CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851
                     CVE-2013-2852 CVE-2013-2888 CVE-2013-2892
    
    Several vulnerabilities have been discovered in the Linux kernel that may lead
    to a denial of service, information leak or privilege escalation. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2013-2141
    
        Emese Revfy provided a fix for an information leak in the tkill and
        tgkill system calls. A local user on a 64-bit system maybe able to
        gain access to sensitive memory contents.
    
    CVE-2013-2164
    
        Jonathan Salwan reported an information leak in the CD-ROM driver. A
        local user on a system with a malfunctioning CD-ROM drive could gain
        access to sensitive memory.
    
    CVE-2013-2206
    
        Karl Heiss reported an issue in the Linux SCTP implementation. A remote
        user could cause a denial of service (system crash).
    
    CVE-2013-2232
    
        Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6
        subsystem. Local users could cause a denial of service by using an
        AF_INET6 socket to connect to an IPv4 destination.
    
    CVE-2013-2234
    
        Mathias Krause reported a memory leak in the implementation of PF_KEYv2
        sockets. Local users could gain access to sensitive kernel memory.
    
    CVE-2013-2237
    
        Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2
        sockets. Local users could gain access to sensitive kernel memory.
    
    CVE-2013-2239
    
        Jonathan Salwan discovered multiple memory leaks in the openvz kernel
        flavor. Local users could gain access to sensitive kernel memory.
    
    CVE-2013-2851
    
        Kees Cook reported an issue in the block subsystem. Local users with
        uid 0 could gain elevated ring 0 privileges. This is only a security
        issue for certain specially configured systems.
    
    CVE-2013-2852
    
        Kees Cook reported an issue in the b43 network driver for certain Broadcom
        wireless devices. Local users with uid 0 could gain elevated ring 0 
        privileges. This is only a security issue for certain specially configured
        systems.
    
    CVE-2013-2888
    
        Kees Cook reported an issue in the HID driver subsystem. A local user,
        with the ability to attach a device, could cause a denial of service
        (system crash).
    
    CVE-2013-2892
    
        Kees Cook reported an issue in the pantherlord HID device driver. Local
        users with the ability to attach a device could cause a denial of service
        or possibly gain elevated privileges.
    
    For the oldstable distribution (squeeze), this problem has been fixed in
    version 2.6.32-48squeeze4.
    
    The following matrix lists additional source packages that were rebuilt for
    compatibility with or to take advantage of this update:
    
                                                 Debian 6.0 (squeeze)
         user-mode-linux                         2.6.32-1um-4+48squeeze4
    
    We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
    
    Note: Debian carefully tracks all known security issues across every
    linux kernel package in all releases under active security support.
    However, given the high frequency at which low-severity security
    issues are discovered in the kernel and the resource requirements of
    doing an update, updates for lower priority issues will normally not
    be released for all kernels at the same time. Rather, they will be
    released in a staggered or "leap-frog" fashion.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.