-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2668-1 security@debian.org http://www.debian.org/security/ Dann Frazier May 14, 2013 http://www.debian.org/security/faq - ---------------------------------------------------------------------- Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548 CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928 CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots used in KVM device assignment. Local users with the ability to assign devices could cause a denial of service due to a memory page leak. CVE-2012-3552 Hafid Lin reported an issue in the IP networking subsystem. A remote user can cause a denial of service (system crash) on servers running applications that set options on sockets which are actively being processed. CVE-2012-4461 Jon Howell reported a denial of service issue in the KVM subsystem. On systems that do not support the XSAVE feature, local users with access to the /dev/kvm interface can cause a system crash. CVE-2012-4508 Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4 filesystem. Local users could gain access to sensitive kernel memory. CVE-2012-6537 Mathias Krause discovered information leak issues in the Transformation user configuration interface. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2012-6539 Mathias Krause discovered an issue in the networking subsystem. Local users on 64-bit systems can gain access to sensitive kernel memory. CVE-2012-6540 Mathias Krause discovered an issue in the Linux virtual server subsystem. Local users can gain access to sensitive kernel memory. Note: this issue does not affect Debian provided kernels, but may affect custom kernels built from Debian's linux-source-2.6.32 package. CVE-2012-6542 Mathias Krause discovered an issue in the LLC protocol support code. Local users can gain access to sensitive kernel memory. CVE-2012-6544 Mathias Krause discovered issues in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory. CVE-2012-6545 Mathias Krause discovered issues in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory. CVE-2012-6546 Mathias Krause discovered issues in the ATM networking support. Local users can gain access to sensitive kernel memory. CVE-2012-6548 Mathias Krause discovered an issue in the UDF file system support. Local users can obtain access to sensitive kernel memory. CVE-2012-6549 Mathias Krause discovered an issue in the isofs file system support. Local users can obtain access to sensitive kernel memory. CVE-2013-0349 Anderson Lizardo discovered an issue in the Bluetooth Human Interface Device Protocol (HIDP) stack. Local users can obtain access to sensitive kernel memory. CVE-2013-0914 Emese Revfy discovered an issue in the signal implementation. Local users maybe able to bypass the address space layout randomization (ASLR) facility due to a leaking of information to child processes. CVE-2013-1767 Greg Thelen reported an issue in the tmpfs virtual memory filesystem. Local users with sufficient privilege to mount filesystems can cause a denial of service or possibly elevated privileges due to a use-after- free defect. CVE-2013-1773 Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion facility used by the VFAT filesystem. A local user could cause a buffer overflow condition, resulting in a denial of service or potentially elevated privileges. CVE-2013-1774 Wolfgang Frisch provided a fix for a NULL-pointer dereference defect in the driver for some serial USB devices from Inside Out Networks. Local users with permission to access these devices can create a denial of service (kernel oops) by causing the device to be removed while it is in use. CVE-2013-1792 Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition in the access key retention support in the kernel. A local user could cause a denial of service (NULL pointer dereference). CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could corrupt kernel memory, resulting in a denial of service. CVE-2013-1798 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could cause a denial of service due to a use- after-free defect. CVE-2013-1826 Mathias Krause discovered an issue in the Transformation (XFRM) user configuration interface of the networking stack. A user with the CAP_NET_ADMIN capability maybe able to gain elevated privileges. CVE-2013-1860 Oliver Neukum discovered an issue in the USB CDC WCM Device Management driver. Local users with the ability to attach devices can cause a denial of service (kernel crash) or potentially gain elevated privileges. CVE-2013-1928 Kees Cook provided a fix for an information leak in the VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit kernel. Local users can gain access to sensitive kernel memory. CVE-2013-1929 Oded Horovitz and Brad Spengler reported an issue in the device driver for Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach untrusted devices can create an overflow condition, resulting in a denial of service or elevated privileges. CVE-2013-2015 Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local users with the ability to mount a specially crafted filesystem can cause a denial of service (infinite loop). CVE-2013-2634 Mathias Krause discovered a few issues in the Data Center Bridging (DCB) netlink interface. Local users can gain access to sensitive kernel memory. CVE-2013-3222 Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM) protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3223 Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3224 Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory. CVE-2013-3225 Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3228 Mathias Krauss discovered an issue in the IrDA (infrared) subsystem support. Local users can gain access to sensitive kernel memory. CVE-2013-3229 Mathias Krauss discovered an issue in the IUCV support on s390 systems. Local users can gain access to sensitive kernel memory. CVE-2013-3231 Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2 protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3234 Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose) protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3235 Mathias Krauss discovered an issue in the Transparent Inter Process Communication (TIPC) protocol support. Local users can gain access to sensitive kernel memory. For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze3. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 6.0 (squeeze) user-mode-linux 2.6.32-1um-4+48squeeze3 We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJRkox3AAoJEBv4PF5U/IZA8i8P/0HmqD/hYRYRdiYAs9eAnvKv 1zhrLJWN0xoRresucZhlm6nR/MLSjDJ4WZCvUPxJV9wnKRRaOq8satYK1dB4kn39 mEQr1WXMU9ojY4edMjRHsF0qcAVotJKsckmnecBd91KEd73SzeSg6zff7fQmAqWD xa8pYdJtBt1A0V0w36Wp+nuqrcyrKD/xMT24oQnWf8uwaiPABI5Ujw0QqysO+48z MhvP6PPpkkiVJ1zfGJMKPC9d2GwVqKHfQpyS0JCtrm9aeuN3oYg2bahEb+Rk905z TCqi9ubLVlWvz4pNycR8kNE0uLhaP71KXcBkRN1Z9G6XTbYxsFuilGyp98ExcwxX j4Psn9jwaCHDQLbNt+P4JiV9cH6FFnwGHgi248nkEbBBRTzyCAdOQDg5h8Otn39O 2UlvFQUNQzU/s0mtmuj5b+gqGS4BelQYmKitJYga0ZpePSJ+GPpK1bSSbKeidUp6 jjxLIcG66OqTUdE14REOQa+yru9j2SpaAdXE62bW+uw5AGeaN6lZk4/kZTFXiZYc 4sZPVY3A0H7IUo56i+r6KwRqOUCoPKT2MmUp+Qw+OW1so3LAvFjhjkITvcIUllgf l4B6kau4NASZUBfXAd7ClWYLJqu8zGunIdJFI1UtVqy2iYxbCEdyQUotmsvf6Pxy HE5aT4RfgwD6zOmV/Pcq =q9q5 -----END PGP SIGNATURE-----