Debian: DSA-2992-1: linux security update

    Date 29 Jul 2014
    Posted By LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-2992-1
    https://www.debian.org/security/                      Salvatore Bonaccorso
    July 29, 2014                          https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2014-3534 CVE-2014-4667 CVE-2014-4943
    Debian Bug     : 728705
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service or privilege escalation:
    
    CVE-2014-3534
    
        Martin Schwidefsky of IBM discovered that the ptrace subsystem does
        not properly sanitize the psw mask value. On s390 systems, an
        unprivileged local user could use this flaw to set the address space
        control bits to the kernel space combination and thus gain read/write
        access to kernel memory.
    
    CVE-2014-4667
    
        Gopal Reddy Kodudula of Nokia Siemens Networks discovered that the
        sctp_association_free function does not properly manage a certain
        backlog value, which allows remote attackers to cause a denial of
        service (socket outage) via a crafted SCTP packet.
    
    CVE-2014-4943
    
        Sasha Levin discovered a flaw in the Linux kernel's point-to-point
        protocol (PPP) when used with the Layer Two Tunneling Protocol
        (L2TP). An unprivileged local user could use this flaw for privilege
        escalation.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 3.2.60-1+deb7u3.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 3.14.13-2.
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    