Operating System:

[LINUX][Debian]

Published:

06 June 2014

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ESB-2014.0893 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0893
                           linux security update
                                6 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Linux variants
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3153 CVE-2014-3145 CVE-2014-3144

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2949

Comment: This advisory references vulnerabilities in the Linux kernel that 
         also affect distributions other than Debian. It is recommended that
         administrators running Linux check for an updated version of the 
         kernel for their system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2949-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
June 05, 2014                          http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2014-3144 CVE-2014-3145 CVE-2014-3153

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation:

CVE-2014-3144 / CVE-2014-3145

    A local user can cause a denial of service (system crash) via
    crafted BPF instructions.

CVE-2014-3153

    Pinkie Pie discovered an issue in the futex subsystem that allows a
    local user to gain ring 0 control via the futex syscall. An
    unprivileged user could use this flaw to crash the kernel (resulting
    in denial of service) or for privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.57-3+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTkFu1AAoJEAVMuPMTQ89EkU8P/3XPmOVUppOUURzEK8T3SwrV
wGgGE8Ab51f/bDaI7bzUlQ7q8SkMoPhYbQFYLVcLuMnkKOo4Vgdb5hRHS3BdGnuh
UB/X3fzYFZ4NDy07V3LwvSCrTV3gZgB9Mf8HkmohDjeLkBgiTMgcW0K9AAJKqxKY
5vVkvhuufuDB3aX2rtTqoJmOv1kopQB0CI6ESQS2lyu0XeDDibXMAV6N4HIQkasu
5VCr/t6jRbjpBMyENeWzXsGKtllmnGwnwWzkvYg8cpFtZPOeyKtvUBz2a6WdT0u0
x7DLBTIvk7HudBwL9mhOYs9Av1rtnc1Ch9DupJL1XeOew+Bd6o4MXZxTlnJt70JZ
U4xb09K607bbMhfTrxkaYp8UMEo1VjeoY3Xi+Qx7qbgVq6BUGko8n93fgYH19/uc
q1l3ESDz0bNQneKDNgQJ3es7eVgs4Cxsx+X9R3PxTF5+eH3mtkmJRab7EIgyWYbe
Y7JrqX59bMkFRbAHE+9LGYVqbXpBv2Jp3cpeAB0Z/XjGEQY8bRkIYRPE1gz0t+Yn
axbkCyfLppAJ3TCnaDEQ658smuMh3donXLevPEN/dIVYzZtXRs32afRutiFysZJa
9azBg91Wi+vX+UDvAn334JnSaaD1OA0WRTq35tDulrZj3Zoo7y/NE6Fk1ibyL8zd
4FS2CjFBWKAMiALb3cTR
=EgOI
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU5Ek3xLndAQH1ShLAQLIWA/9HGoIBMobG5hk0+IR7ZlDuhP4Z5ZNSm3k
Dg5ouCXc1Ap/cInzv01NKFLgb8zAerldgewGi1jqozWZ7wfcXfr8ZqHaoKSdhn3i
46IE8GsJGF131yRXx0WIhG7hAXLNu6iVjk9XkBeWZyud65yQ3s5n8L9cORioNde0
QSdYOfiHx27xIIKxvL3kD6SNx6F9MgR4XUU1/W6Ltmm9MbiERjQXWB2IbOlC3sGR
H3z3ENlW+PfokfgA0X+OpS+ieMWZ6UrqdQUFH2GAy8s1HdiLOZ9j3bpBxCT8jvcs
yt5nculXpx5D69gNbIu3vOmWHZ8xDZlaKkG96IUsMa3dTVqBMOR75YbpIMqa1CY5
yIMx5t0MbzNmfEXVB05BsVum6clu9q9HE2xb4dswlRykhw5LoWn3E6nkcvP/2hCj
LPA5lfqxgP1oZvVB24F1vesdqDr4rYMgtXB5g9CWetCXu73U0nyr1CmDgyZ494CV
2KJ+44YtMuVH9y0mFDjcGSpjG2tZ4zKfYaNnozGMk46LO25Tdm8gGGXBFoLtDw3u
Z6BBzhjiMnnBceRE7U4Cudz2AZ2q7lEdhTnAm5JZZC7FuTtw0ncQkDRmwwYrKfuu
a4uqH0H7AIi4Y/h61DwR5E9kzvWvgR6QrUiVGivs0e5rZXUh90nHYkTFQKArREQk
PGjLRzXxUjQ=
=zQPN
-----END PGP SIGNATURE-----