1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2928-1] linux-2.6 security update

    From dann frazier@1:229/2 to All on Wed May 14 20:30:02 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ----------------------------------------------------------------------
    Debian Security Advisory DSA-2928-1 [email protected] http://www.debian.org/security/ Dann Frazier
    May 14, 2014 http://www.debian.org/security/faq
    - ----------------------------------------------------------------------

    Package : linux-2.6
    Vulnerability : privilege escalation/denial of service/information leak Problem type : local
    Debian-specific: no
    CVE Id(s) : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

    CVE-2014-0196

    Jiri Slaby discovered a race condition in the pty layer, which could lead
    to a denial of service or privilege escalation.

    CVE-2014-1737 CVE-2014-1738

    Matthew Daley discovered an information leak and missing input
    sanitising in the FDRAWCMD ioctl of the floppy driver. This could result
    in a privilege escalation.

    For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze6.

    The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

    Debian 6.0 (squeeze)
    user-mode-linux 2.6.32-1um-4+48squeeze6

    We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

    Note: Debian carefully tracks all known security issues across every
    linux kernel package in all releases under active security support.
    However, given the high frequency at which low-severity security
    issues are discovered in the kernel and the resource requirements of
    doing an update, updates for lower priority issues will normally not
    be released for all kernels at the same time. Rather, they will be
    released in a staggered or "leap-frog" fashion.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJTc7LUAAoJEBv4PF5U/IZA8NoQAIyX2/8dvzsbg3OLweZJkjYu Ot4ixGKWN7cq1Xf9X/DSKqYcfsUUe8p/7zG8aNyMOB2Drw+m9onqjk1TtcL+UCu5 xrYNDXrGNaF7DB+79XKvlT1tuTa2nYs+S9TmtYEPNoSOQbAIYFE3Y5Kuiynb2Cg1 3ri0FrYMjPEH7ByS72qyvRQAJ6yMpjOIDL1Et3Q/H5QjrV4hyMVGfV398+c+lIdc wBAwosMX73XA4Z8HkriDG5Af+QMwEB/CtOuOnEGFneXYCKdVlGXCacR8HJxavtCr N0ffNdVe39OvM0W10WzVYiGmB1d/f1aLAWLbQg5b7bXZNEbjNpg3G5hFdjXJxf9z SQ7jO+pTaSepzwiHb4o7m3LV70tFZv9gDV8nA2iDIMBldZxJAeVD8HtiDC/2UIBU 3N4fIJiI201X5P2f0IFeKNPlNlanj2byG1pAFC/sI3s+HJPJhpa6d8Ui7yH26vbM WOiFLFlvX7e7RC7WKWBgQTQ0SRfKZ32juFxKnQqa6mqtg8E1SxMV0aCBgEvBM2Bi MoXwm+3DVqlbVb4niWKqNymFKHJTSEPDHY8BgAR4GHpIKSs2yFaSZYwpVdAydYkg sxGHdHimJQ17Q49SRf/n4u9bq3B6bTlOBJB2G0CwyHVmIqRoaLET3Rt9mvF4tsOO B+aTRD4WKSaC3hfc7iPR
    =gGjD
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)