[SECURITY] [DLA 103-1] linux-2.6 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 103-1] linux-2.6 security update
From: Holger Levsen <holger@layer-acht.org>
Date: Tue, 9 Dec 2014 02:05:55 +0100
Message-id: <[🔎] 201412090206.03542.holger@layer-acht.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : linux-2.6
Version        : CVE-2014-90902.6.32-48squeeze9
CVE ID         : CVE-2012-6657 CVE-2013-0228 CVE-2013-7266 CVE-2014-4157 
                 CVE-2014-4508 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
                 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472

This security upload has been prepared in cooperation of the Debian Kernel, 
Security and LTS Teams and features the upstream stable release 2.6.32.64 (see 
https://lkml.org/lkml/2014/11/23/181 for more information for that). It fixes 
the CVEs described below.

Note: if you are using the openvz flavors, please consider three things: a.) 
we haven't got any feedback on them (while we have for all other flavors) b.) 
so do your test before deploying them and c.) once you have done so, please 
give feedback to debian-lts@lists.debian.org. 

If you are not using openvz flavors, please still consider b+c :-)


CVE-2012-6657

Fix the sock_setsockopt function to prevent local users from being able to 
cause a denial of service (system crash) attack.

CVE-2013-0228

Fix a XEN priviledge escalation, which allowed guest OS users to gain guest OS 
priviledges.

CVE-2013-7266

Fix the mISDN_sock_recvmsg function to prevent local users from obtaining 
sensitive information from kernel memory.

CVE-2014-4157

MIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP 
restrictions.

CVE-2014-4508

Prevent local users from causing a denial of service (OOPS and system crash) 
when syscall auditing is enabled .

CVE-2014-4653
CVE-2014-4654
CVE-2014-4655

Fix the ALSA control implementation to prevent local users from causing a 
denial of service attack and from obtaining sensitive information from kernel 
memory.

CVE-2014-4943

Fix PPPoL2TP feature to prevent local users to from gaining privileges.

CVE-2014-5077

Prevent remote attackers from causing a denial of service attack involving 
SCTP.

CVE-2014-5471
CVE-2014-5472

Fix the parse_rock_ridge_inode_internal function to prevent local users from 
causing a denial of service attack via a crafted iso9660 images.

CVE-2014-9090

Fix the do_double_fault function to prevent local users from causing a denial 
of service (panic) attack.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: [SECURITY] [DLA 102-1] tcpdump security update
Next by Date: [SECURITY] [DLA 104-1] pdns-recursor security update
Previous by thread: [SECURITY] [DLA 102-1] tcpdump security update
Next by thread: [SECURITY] [DLA 104-1] pdns-recursor security update
Index(es):
- Date
- Thread