Debian Security Advisory

DSA-2949-1 linux -- security update

Date Reported:
05 Jun 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-3144, CVE-2014-3145, CVE-2014-3153.
More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:

  • CVE-2014-3144 / CVE-2014-3145

    A local user can cause a denial of service (system crash) via crafted BPF instructions.

  • CVE-2014-3153

    Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.57-3+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.