[kernel-sec-discuss] r2653 - dsa-texts

Dann Frazier dannf at alioth.debian.org
Mon Mar 26 04:05:07 UTC 2012


Author: dannf
Date: 2012-03-26 04:05:05 +0000 (Mon, 26 Mar 2012)
New Revision: 2653

Added:
   dsa-texts/2.6.32-41squeeze2
Log:
new text

Copied: dsa-texts/2.6.32-41squeeze2 (from rev 2651, dsa-texts/2.6.32-39squeeze1)
===================================================================
--- dsa-texts/2.6.32-41squeeze2	                        (rev 0)
+++ dsa-texts/2.6.32-41squeeze2	2012-03-26 04:05:05 UTC (rev 2653)
@@ -0,0 +1,69 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                           Dann Frazier
+March XX, 2012                      http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux-2.6
+Vulnerability  : privilege escalation/denial of service/information leak
+Problem type   : local/remote
+Debian-specific: no
+CVE Id(s)      : CVE-2009-4307 CVE-2011-1833 CVE-2011-4127 CVE-2011-4347
+                 CVE-2012-0045 CVE-2012-1090 CVE-2012-1097
+
+Several vulnerabilities have been discovered in the Linux kernel that may lead
+to a denial of service or privilege escalation. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2009-4307
+
+    Nageswara R Sastry reported an issue in the ext4 filesystem. Local users
+    with the privileges to mount a filesystem can cause a denial of service
+    (BUG) by providing a s_log_groups_per_flex value greater than 31.
+
+CVE-2011-1833
+
+    Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information
+    leak in the eCryptfs filesystem. Local users were able to mount arbitrary
+    directories.
+
+CVE-2011-4347
+
+    Sasha Levin reported an issue in the device assignment functionality
+    in KVM. Local users with permission to access /dev/kvm could assign
+    unused pci devices to a guest and cause a denial of service (crash).
+
+CVE-2012-0045
+
+    Stephan Barwolf reported an issue in KVM. Local users in a 32-bit
+    guest running on a 64-bit system can crash the guest with a syscall
+    instruction.
+
+CVE-2012-1090
+
+    CAI Qian reported an issue in the CIFS filesystem. A reference count
+    leak can occur during the lookup of special files, resulting in a
+    denial of service (oops) on umount.
+
+CVE-2012-1097
+
+    H. Peter Anvin reported an issue in the regset infrastructure. Local
+    users can cause a denial of service (NULL pointer dereference) by
+    triggering the write methods of readonly regsets.
+
+For the stable distribution (squeeze), this problem has been fixed in version
+2.6.32-41squeeze2.
+
+The following matrix lists additional source packages that were rebuilt for
+compatibility with or to take advantage of this update:
+
+                                             Debian 6.0 (squeeze)
+     user-mode-linux                         2.6.32-1um-4+41squeeze2
+
+We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: http://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org



