Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0691
linux-2.6 security update
15 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: Debian
Operating System: Debian GNU/Linux 6
Impact/Access: Root Compromise -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2013-3235 CVE-2013-3234 CVE-2013-3231
CVE-2013-3229 CVE-2013-3228 CVE-2013-3225
CVE-2013-3224 CVE-2013-3223 CVE-2013-3222
CVE-2013-2634 CVE-2013-2015 CVE-2013-1929
CVE-2013-1928 CVE-2013-1860 CVE-2013-1826
CVE-2013-1798 CVE-2013-1796 CVE-2013-1792
CVE-2013-1774 CVE-2013-1773 CVE-2013-1767
CVE-2013-0914 CVE-2013-0349 CVE-2012-6549
CVE-2012-6548 CVE-2012-6546 CVE-2012-6545
CVE-2012-6544 CVE-2012-6542 CVE-2012-6540
CVE-2012-6539 CVE-2012-6537 CVE-2012-4508
CVE-2012-4461 CVE-2012-3552 CVE-2012-2121
Reference: ESB-2013.0645
ESB-2013.0573
ESB-2013.0572
ESB-2013.0539
ESB-2013.0512
ESB-2013.0333
ESB-2013.0306
ESB-2013.0243
ESB-2013.0160
Original Bulletin:
http://www.debian.org/security/2013/dsa-2668
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ----------------------------------------------------------------------
Debian Security Advisory DSA-2668-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
May 14, 2013 http://www.debian.org/security/faq
- - ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
CVE-2013-1929 CVE-2013-2015 CVE-2013-2634 CVE-2013-3222
CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228
CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2012-2121
Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
mapping of memory slots used in KVM device assignment. Local users with
the ability to assign devices could cause a denial of service due to a
memory page leak.
CVE-2012-3552
Hafid Lin reported an issue in the IP networking subsystem. A remote user
can cause a denial of service (system crash) on servers running
applications that set options on sockets which are actively being
processed.
CVE-2012-4461
Jon Howell reported a denial of service issue in the KVM subsystem.
On systems that do not support the XSAVE feature, local users with
access to the /dev/kvm interface can cause a system crash.
CVE-2012-4508
Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4
filesystem. Local users could gain access to sensitive kernel memory.
CVE-2012-6537
Mathias Krause discovered information leak issues in the Transformation
user configuration interface. Local users with the CAP_NET_ADMIN capability
can gain access to sensitive kernel memory.
CVE-2012-6539
Mathias Krause discovered an issue in the networking subsystem. Local
users on 64-bit systems can gain access to sensitive kernel memory.
CVE-2012-6540
Mathias Krause discovered an issue in the Linux virtual server subsystem.
Local users can gain access to sensitive kernel memory. Note: this issue
does not affect Debian provided kernels, but may affect custom kernels
built from Debian's linux-source-2.6.32 package.
CVE-2012-6542
Mathias Krause discovered an issue in the LLC protocol support code.
Local users can gain access to sensitive kernel memory.
CVE-2012-6544
Mathias Krause discovered issues in the Bluetooth subsystem.
Local users can gain access to sensitive kernel memory.
CVE-2012-6545
Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.
CVE-2012-6546
Mathias Krause discovered issues in the ATM networking support. Local
users can gain access to sensitive kernel memory.
CVE-2012-6548
Mathias Krause discovered an issue in the UDF file system support.
Local users can obtain access to sensitive kernel memory.
CVE-2012-6549
Mathias Krause discovered an issue in the isofs file system support.
Local users can obtain access to sensitive kernel memory.
CVE-2013-0349
Anderson Lizardo discovered an issue in the Bluetooth Human Interface
Device Protocol (HIDP) stack. Local users can obtain access to sensitive
kernel memory.
CVE-2013-0914
Emese Revfy discovered an issue in the signal implementation. Local
users maybe able to bypass the address space layout randomization (ASLR)
facility due to a leaking of information to child processes.
CVE-2013-1767
Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
Local users with sufficient privilege to mount filesystems can cause
a denial of service or possibly elevated privileges due to a use-after-
free defect.
CVE-2013-1773
Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
facility used by the VFAT filesystem. A local user could cause a buffer
overflow condition, resulting in a denial of service or potentially
elevated privileges.
CVE-2013-1774
Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
in the driver for some serial USB devices from Inside Out Networks.
Local users with permission to access these devices can create a denial
of service (kernel oops) by causing the device to be removed while it is
in use.
CVE-2013-1792
Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
in the access key retention support in the kernel. A local user could
cause a denial of service (NULL pointer dereference).
CVE-2013-1796
Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could corrupt kernel memory, resulting in a
denial of service.
CVE-2013-1798
Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could cause a denial of service due to a use-
after-free defect.
CVE-2013-1826
Mathias Krause discovered an issue in the Transformation (XFRM) user
configuration interface of the networking stack. A user with the
CAP_NET_ADMIN capability maybe able to gain elevated privileges.
CVE-2013-1860
Oliver Neukum discovered an issue in the USB CDC WCM Device Management
driver. Local users with the ability to attach devices can cause a
denial of service (kernel crash) or potentially gain elevated privileges.
CVE-2013-1928
Kees Cook provided a fix for an information leak in the
VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
kernel. Local users can gain access to sensitive kernel memory.
CVE-2013-1929
Oded Horovitz and Brad Spengler reported an issue in the device driver for
Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
untrusted devices can create an overflow condition, resulting in a denial
of service or elevated privileges.
CVE-2013-2015
Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
users with the ability to mount a specially crafted filesystem can cause
a denial of service (infinite loop).
CVE-2013-2634
Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
netlink interface. Local users can gain access to sensitive kernel memory.
CVE-2013-3222
Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3223
Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
support. Local users can gain access to sensitive kernel memory.
CVE-2013-3224
Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
can gain access to sensitive kernel memory.
CVE-2013-3225
Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.
CVE-2013-3228
Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
support. Local users can gain access to sensitive kernel memory.
CVE-2013-3229
Mathias Krauss discovered an issue in the IUCV support on s390 systems.
Local users can gain access to sensitive kernel memory.
CVE-2013-3231
Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3234
Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3235
Mathias Krauss discovered an issue in the Transparent Inter Process
Communication (TIPC) protocol support. Local users can gain access to
sensitive kernel memory.
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze3.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze3
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJRkox3AAoJEBv4PF5U/IZA8i8P/0HmqD/hYRYRdiYAs9eAnvKv
1zhrLJWN0xoRresucZhlm6nR/MLSjDJ4WZCvUPxJV9wnKRRaOq8satYK1dB4kn39
mEQr1WXMU9ojY4edMjRHsF0qcAVotJKsckmnecBd91KEd73SzeSg6zff7fQmAqWD
xa8pYdJtBt1A0V0w36Wp+nuqrcyrKD/xMT24oQnWf8uwaiPABI5Ujw0QqysO+48z
MhvP6PPpkkiVJ1zfGJMKPC9d2GwVqKHfQpyS0JCtrm9aeuN3oYg2bahEb+Rk905z
TCqi9ubLVlWvz4pNycR8kNE0uLhaP71KXcBkRN1Z9G6XTbYxsFuilGyp98ExcwxX
j4Psn9jwaCHDQLbNt+P4JiV9cH6FFnwGHgi248nkEbBBRTzyCAdOQDg5h8Otn39O
2UlvFQUNQzU/s0mtmuj5b+gqGS4BelQYmKitJYga0ZpePSJ+GPpK1bSSbKeidUp6
jjxLIcG66OqTUdE14REOQa+yru9j2SpaAdXE62bW+uw5AGeaN6lZk4/kZTFXiZYc
4sZPVY3A0H7IUo56i+r6KwRqOUCoPKT2MmUp+Qw+OW1so3LAvFjhjkITvcIUllgf
l4B6kau4NASZUBfXAd7ClWYLJqu8zGunIdJFI1UtVqy2iYxbCEdyQUotmsvf6Pxy
HE5aT4RfgwD6zOmV/Pcq
=q9q5
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUZMMve4yVqjM2NGpAQLnEQ//fq+SEyjBaSuCal71KHGnaUKl6YmOQJxW
5ufMv0VbBsxBpEKjR+Fsi2g7LM7NUNZ+L0u9O8VeVwbt+x0OlJyoQeODdFDTUcuy
aLoL+CtYUnI7FFw6ggLaYbz9wf6gEegDHfzCHRDJrX8e9b3c+MgXQXELVwcCnw/J
daB9Llp9MVPH0KeS2+3XjVzqY7TxyVTYQwvClQnYPFMzsPTH38Gt2jh/VoLiV3xX
gH4jf88pyduQVqDzzJBfhwPx7tZ9ylwp7ptoyuAdi0b1b4WOax5GTYPvwS0KyPhg
z8SletY+eRP2ZQAaJjbKXjl+soXf4jX4g9pbOKwqNv+IXOqzeOTJdiFYCvOzw/in
T0Ier+OPG2KiHyNEVgXLsDfFUFkiRN97R4noKfD/djCBOixyHjKr2Ditaqv5OsT2
qFJOHouZSlwQxRzUz4dolCjMtw9YHSAfeJospzxpmlFyrdjT6ArSd0uAx21J2GHW
rBu3kymiusdRq8pfILdonIm5HUEBfZkUPJJbPujErPC1qEREFapqgYQUQVkNK2e4
vr1lnLxhCmpGbT0F/fn3w1WDDYOXAjPv8eYwcc4B4GNk8sVBD6HS5YTxYLgD+CVq
lthWnUPDgLYrKarW8q/30oTTRen2fFgp1sApyM8ObCyjVbEVXtYVNmncpp/FNk6r
Go+wWcLKEWc=
=CiWY
-----END PGP SIGNATURE-----