exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2669-1

Debian Security Advisory 2669-1
Posted May 16, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301
SHA-256 | bcfe3afbb4182656ff4cebf2d30b08f1bd994ad473bc4830c1ed33aa786d930e

Debian Security Advisory 2669-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2669-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
May 15, 2013 http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package : linux
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
CVE-2013-3235 CVE-2013-3301

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-0160

vladz reported a timing leak with the /dev/ptmx character device. A local
user could use this to determine sensitive information such as password
length.

CVE-2013-1796

Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could corrupt kernel memory, resulting in a
denial of service.

CVE-2013-1929

Oded Horovitz and Brad Spengler reported an issue in the device driver for
Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
untrusted devices can create an overflow condition, resulting in a denial
of service or elevated privileges.

CVE-2013-1979

Andy Lutomirski reported an issue in the socket level control message
processing subsystem. Local users maybe able to gain eleveated privileges.

CVE-2013-2015

Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
users with the ability to mount a specially crafted filesystem can cause
a denial of service (infinite loop).

CVE-2013-2094

Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds
access vulnerability allows local users to gain elevated privileges.

CVE-2013-3076

Mathias Krauss discovered an issue in the userspace interface for hash
algorithms. Local users can gain access to sensitive kernel memory.

CVE-2013-3222

Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3223

Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3224

Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
can gain access to sensitive kernel memory.

CVE-2013-3225

Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3227

Mathias Krauss discovered an issue in the Communication CPU to Application
CPU Interface (CAIF). Local users can gain access to sensitive kernel
memory.

CVE-2013-3228

Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3229

Mathias Krauss discovered an issue in the IUCV support on s390 systems.
Local users can gain access to sensitive kernel memory.

CVE-2013-3231

Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3234

Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3235

Mathias Krauss discovered an issue in the Transparent Inter Process
Communication (TIPC) protocol support. Local users can gain access to
sensitive kernel memory.

CVE-2013-3301

Namhyung Kim reported an issue in the tracing subsystem. A privileged
local user could cause a denial of service (system crash). This
vulnerabililty is not applicable to Debian systems by default.

For the stable distribution (wheezy), this problem has been fixed in version
3.2.41-2+deb7u1.

Note: Updates are currently available for the amd64, i386, ia64, s390, s390x
and sparc architectures. Updates for the remaining architectures will be
released as they become available.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 7.0 (wheezy)
user-mode-linux 3.2-2um-1+deb7u1

We recommend that you upgrade your linux and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJRlEd/AAoJEBv4PF5U/IZAbvYP/jsvKFYB+JijcZNsVjSsYAq+
Lz2uIXt/ZKkt/TGyM0ZOomX36YXHuWruUaRQR3dP3mH4abjq1W8opuWQfCWGYyt/
Rx9HeobGhoMFtZhbEwfNvVHqhb6YtXiocTUUHdpP17CfH+M2VPWEWoIOaRJ0nTpq
uYuHLMpaUc5oKiFY7mQne9BKXY34r+fySOmWNisb7/3VEIRCJCmiN/ZFLzYnEQZb
Y0wV/PwEQV9vV8WXAFZiR3uRwfXtFY5uHYP1PRRB0kvKdAu38ck6o7ZZheAFiluy
jLPZqNObF9I83nw7cXx7hCyU6JdBYNx6g8IK70JOLX8Orr77+tAmhEVniH7uNw1G
DrnpJFqJK0lomY2CJn5An4WlMyvJWoi+qXahzq0/FddL5v7Aox8Kjlnq5Vw3UzGd
GV33M7G0xMoaUoN7hq2TIlFGsEi1dxcYPNysv8g1bm9YVFyU0JG571Bx7U2H2WDB
YupLbEo0/ZJhgx3mQno2VwG8X4FpAYhsp3lAKvKDo1jmUNEp4F2k/XedM4NcwM6b
/SKq2b2LPorwzIQ1gDHgVInvJsxfVLxcJ+OmYLkcX4lgBMHjgcGpriYdS3xH16MT
J0UvQ35t7Do/vSUqemkniiwbf2rCDg/C5XqMSUNQ6ltuabXFY5fP/BrrI/Vg1t3D
X54EeUwEaVUEMt1BWXK6
=2Rtn
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close