Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-0007-1 linux-2.6

Debian Security Advisory

DLA-0007-1 linux-2.6 -- LTS security update

Date Reported:

18 Jun 2014

Affected Packages:

linux-2.6

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-3153, CVE-2014-1438.

More information:

• CVE-2014-3153:

  Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

• CVE-2014-1438:

  The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.

For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze7