Re: [SECURITY] [DSA 2668-1] linux-2.6 security update
Saw this earlier, apparently there is a serious issue that affects all of the
kernels up to 3.8
Will do a security thing tomorrow, if I get a chance, but it has been a while
since we've had a look at it, my fault.
Will update once I've reviewed.
On Tue, May 14, 2013 at 01:14:29PM -0600, dann frazier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ----------------------------------------------------------------------
> Debian Security Advisory DSA-2668-1 security@debian.org
> http://www.debian.org/security/ Dann Frazier
> May 14, 2013 http://www.debian.org/security/faq
> - ----------------------------------------------------------------------
>
> Package : linux-2.6
> Vulnerability : privilege escalation/denial of service/information leak
> Problem type : local/remote
> Debian-specific: no
> CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
> CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
> CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
> CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
> CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
> CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
> CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
> CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
> CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235
>
> Several vulnerabilities have been discovered in the Linux kernel that may lead
> to a denial of service, information leak or privilege escalation. The Common
> Vulnerabilities and Exposures project identifies the following problems:
>
> CVE-2012-2121
>
> Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
> mapping of memory slots used in KVM device assignment. Local users with
> the ability to assign devices could cause a denial of service due to a
> memory page leak.
>
> CVE-2012-3552
>
> Hafid Lin reported an issue in the IP networking subsystem. A remote user
> can cause a denial of service (system crash) on servers running
> applications that set options on sockets which are actively being
> processed.
>
> CVE-2012-4461
>
> Jon Howell reported a denial of service issue in the KVM subsystem.
> On systems that do not support the XSAVE feature, local users with
> access to the /dev/kvm interface can cause a system crash.
>
> CVE-2012-4508
>
> Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
> filesystem. Local users could gain access to sensitive kernel memory.
>
> CVE-2012-6537
>
> Mathias Krause discovered information leak issues in the Transformation
> user configuration interface. Local users with the CAP_NET_ADMIN capability
> can gain access to sensitive kernel memory.
>
> CVE-2012-6539
>
> Mathias Krause discovered an issue in the networking subsystem. Local
> users on 64-bit systems can gain access to sensitive kernel memory.
>
> CVE-2012-6540
>
> Mathias Krause discovered an issue in the Linux virtual server subsystem.
> Local users can gain access to sensitive kernel memory. Note: this issue
> does not affect Debian provided kernels, but may affect custom kernels
> built from Debian's linux-source-2.6.32 package.
>
> CVE-2012-6542
>
> Mathias Krause discovered an issue in the LLC protocol support code.
> Local users can gain access to sensitive kernel memory.
>
> CVE-2012-6544
>
> Mathias Krause discovered issues in the Bluetooth subsystem.
> Local users can gain access to sensitive kernel memory.
>
> CVE-2012-6545
>
> Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
> support. Local users can gain access to sensitive kernel memory.
>
> CVE-2012-6546
>
> Mathias Krause discovered issues in the ATM networking support. Local
> users can gain access to sensitive kernel memory.
>
> CVE-2012-6548
>
> Mathias Krause discovered an issue in the UDF file system support.
> Local users can obtain access to sensitive kernel memory.
>
> CVE-2012-6549
>
> Mathias Krause discovered an issue in the isofs file system support.
> Local users can obtain access to sensitive kernel memory.
>
> CVE-2013-0349
>
> Anderson Lizardo discovered an issue in the Bluetooth Human Interface
> Device Protocol (HIDP) stack. Local users can obtain access to sensitive
> kernel memory.
>
> CVE-2013-0914
>
> Emese Revfy discovered an issue in the signal implementation. Local
> users maybe able to bypass the address space layout randomization (ASLR)
> facility due to a leaking of information to child processes.
>
> CVE-2013-1767
>
> Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
> Local users with sufficient privilege to mount filesystems can cause
> a denial of service or possibly elevated privileges due to a use-after-
> free defect.
>
> CVE-2013-1773
>
> Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
> facility used by the VFAT filesystem. A local user could cause a buffer
> overflow condition, resulting in a denial of service or potentially
> elevated privileges.
>
> CVE-2013-1774
>
> Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
> in the driver for some serial USB devices from Inside Out Networks.
> Local users with permission to access these devices can create a denial
> of service (kernel oops) by causing the device to be removed while it is
> in use.
>
> CVE-2013-1792
>
> Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
> in the access key retention support in the kernel. A local user could
> cause a denial of service (NULL pointer dereference).
>
> CVE-2013-1796
>
> Andrew Honig of Google reported an issue in the KVM subsystem. A user in
> a guest operating system could corrupt kernel memory, resulting in a
> denial of service.
>
> CVE-2013-1798
>
> Andrew Honig of Google reported an issue in the KVM subsystem. A user in
> a guest operating system could cause a denial of service due to a use-
> after-free defect.
>
> CVE-2013-1826
>
> Mathias Krause discovered an issue in the Transformation (XFRM) user
> configuration interface of the networking stack. A user with the
> CAP_NET_ADMIN capability maybe able to gain elevated privileges.
>
> CVE-2013-1860
>
> Oliver Neukum discovered an issue in the USB CDC WCM Device Management
> driver. Local users with the ability to attach devices can cause a
> denial of service (kernel crash) or potentially gain elevated privileges.
>
> CVE-2013-1928
>
> Kees Cook provided a fix for an information leak in the
> VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
> kernel. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-1929
>
> Oded Horovitz and Brad Spengler reported an issue in the device driver for
> Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
> untrusted devices can create an overflow condition, resulting in a denial
> of service or elevated privileges.
>
> CVE-2013-2015
>
> Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
> users with the ability to mount a specially crafted filesystem can cause
> a denial of service (infinite loop).
>
> CVE-2013-2634
>
> Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
> netlink interface. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3222
>
> Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
> protocol support. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3223
>
> Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
> support. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3224
>
> Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
> can gain access to sensitive kernel memory.
>
> CVE-2013-3225
>
> Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
> support. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3228
>
> Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
> support. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3229
>
> Mathias Krauss discovered an issue in the IUCV support on s390 systems.
> Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3231
>
> Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
> protocol support. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3234
>
> Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
> protocol support. Local users can gain access to sensitive kernel memory.
>
> CVE-2013-3235
>
> Mathias Krauss discovered an issue in the Transparent Inter Process
> Communication (TIPC) protocol support. Local users can gain access to
> sensitive kernel memory.
>
> For the oldstable distribution (squeeze), this problem has been fixed in
> version 2.6.32-48squeeze3.
>
> The following matrix lists additional source packages that were rebuilt for
> compatibility with or to take advantage of this update:
>
> Debian 6.0 (squeeze)
> user-mode-linux 2.6.32-1um-4+48squeeze3
>
> We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
>
> Note: Debian carefully tracks all known security issues across every
> linux kernel package in all releases under active security support.
> However, given the high frequency at which low-severity security
> issues are discovered in the kernel and the resource requirements of
> doing an update, updates for lower priority issues will normally not
> be released for all kernels at the same time. Rather, they will be
> released in a staggered or "leap-frog" fashion.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQIcBAEBAgAGBQJRkox3AAoJEBv4PF5U/IZA8i8P/0HmqD/hYRYRdiYAs9eAnvKv
> 1zhrLJWN0xoRresucZhlm6nR/MLSjDJ4WZCvUPxJV9wnKRRaOq8satYK1dB4kn39
> mEQr1WXMU9ojY4edMjRHsF0qcAVotJKsckmnecBd91KEd73SzeSg6zff7fQmAqWD
> xa8pYdJtBt1A0V0w36Wp+nuqrcyrKD/xMT24oQnWf8uwaiPABI5Ujw0QqysO+48z
> MhvP6PPpkkiVJ1zfGJMKPC9d2GwVqKHfQpyS0JCtrm9aeuN3oYg2bahEb+Rk905z
> TCqi9ubLVlWvz4pNycR8kNE0uLhaP71KXcBkRN1Z9G6XTbYxsFuilGyp98ExcwxX
> j4Psn9jwaCHDQLbNt+P4JiV9cH6FFnwGHgi248nkEbBBRTzyCAdOQDg5h8Otn39O
> 2UlvFQUNQzU/s0mtmuj5b+gqGS4BelQYmKitJYga0ZpePSJ+GPpK1bSSbKeidUp6
> jjxLIcG66OqTUdE14REOQa+yru9j2SpaAdXE62bW+uw5AGeaN6lZk4/kZTFXiZYc
> 4sZPVY3A0H7IUo56i+r6KwRqOUCoPKT2MmUp+Qw+OW1so3LAvFjhjkITvcIUllgf
> l4B6kau4NASZUBfXAd7ClWYLJqu8zGunIdJFI1UtVqy2iYxbCEdyQUotmsvf6Pxy
> HE5aT4RfgwD6zOmV/Pcq
> =q9q5
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20130514191429.GA22977@dannf.org
>
--
Jon Marshall
Workshop IT: www.workshopit.co.uk
e:jon@workshopit.co.uk t:020 7183 0498
Reply to: