Debian Security Advisory

DLA-0007-1 linux-2.6 -- LTS security update

Date Reported:
18 Jun 2014
Affected Packages:
linux-2.6
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-3153, CVE-2014-1438.
More information:
  • CVE-2014-3153:

    Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

  • CVE-2014-1438:

    The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.

For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze7.