[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

linux-2.6 update

Package        : linux-2.6
Version        : 2.6.32-48squeeze8
CVE ID         : CVE-2013-4387 CVE-2013-4470 CVE-2014-0203 CVE-2014-2678
                 CVE-2014-3122 CVE-2014-3144 CVE-2014-3917 CVE-2014-4652
                 CVE-2014-4699 CVE-2015-3145 CVE-2014-4656 CVE-2014-4667

This update fixes several remote and local denial of service attacks and other 

CVE-2013-4387: ipv6: udp packets following an UFO enqueued packet need
also be handled by UFO to prevent remote attackers to cause a denial of 
(memory corruption and system crash) or possibly have unspecified other impact
via network traffic that triggers a large response packet.

CVE-2013-4470: inet: fix possible memory corruption with UDP_CORK and UFO to
prevent local users to cause a denial of service (memory corruption and system
crash) or possibly gain privileges via a crafted application.

CVE-2014-0203: fix autofs/afs/etc. magic mountpoint breakage, preventing 
of service attacks by local users.

CVE-2014-2678: rds: prevent dereference of a NULL device in rds_iw_laddr_check
to prevent local denial of service attacks (system crash or possibly have 
unspecified other impact).

CVE-2014-3122 : Incorrect locking of memory can result in local denial of

CVE-2014-3144 / CVE-2014-3145: A local user can cause a denial of service
(system crash) via crafted BPF instructions.

CVE-2014-3917: auditsc: audit_krule mask accesses need bounds checking to
prevent a local denial of service attack (OOPS) or possibly leaking sensitive 
values from kernel memory.

CVE-2014-4652: ALSA: control: Protect user controls against concurrent access,
resulting in a race condition, possibly allowing local users access to 
information from kernel memory.

CVE-2014-4656: ALSA: control: Make sure that id->index does not overflow, to
prevent a denial of service of the sound system by local users.

CVE-2014-4667: sctp: Fix sk_ack_backlog wrap-around problem, preventing denial
of service (socket outage) via a crafted SCTP packet by remote attackers.

CVE-2014-4699: Andy Lutomirski discovered that the ptrace syscall was not
verifying the RIP register to be valid in the ptrace API on x86_64 processors.
An unprivileged user could use this flaw to crash the kernel (resulting in
denial of service) or for privilege escalation.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: