Debian 7 Wheezy DSA-2992-1 Critical: Linux Kernel Denial Of Service

July 29, 2014
Keep updated with news regarding vital Debian Linux kernel matters impacting security and system reliability.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

Summary

CVE-2014-3534

Martin Schwidefsky of IBM discovered that the ptrace subsystem does
not properly sanitize the psw mask value. On s390 systems, an
unprivileged local user could use this flaw to set address space
control bits to kernel space combination and thus gain read/write
access to kernel memory.

CVE-2014-4667

Gopal Reddy Kodudula of Nokia Siemens Networks discovered that the
sctp_association_free function does not properly manage a certain
backlog value, which allows remote attackers to cause a denial of
service (socket outage) via a crafted SCTP packet.

CVE-2014-4943

Sasha Levin discovered a flaw in the Linux kernel's point-to-point
protocol (PPP) when used with the Layer Two Tunneling Protocol
(L2TP). An unprivileged local user could use this flaw for privilege
escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.60-1+deb7u3.

For the unstable distribution (sid), these problems have been fixed in
version...

Severity: critical

Package: linux
CVE ID: CVE-2014-3534 CVE-2014-4667 CVE-2014-4943
