Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0893 linux security update 6 June 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: linux Publisher: Debian Operating System: Debian GNU/Linux 7 Linux variants Impact/Access: Root Compromise -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2014-3153 CVE-2014-3145 CVE-2014-3144 Original Bulletin: http://www.debian.org/security/2014/dsa-2949 Comment: This advisory references vulnerabilities in the Linux kernel that also affect distributions other than Debian. It is recommended that administrators running Linux check for an updated version of the kernel for their system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-2949-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso June 05, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2014-3144 CVE-2014-3145 CVE-2014-3153 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-3144 / CVE-2014-3145 A local user can cause a denial of service (system crash) via crafted BPF instructions. CVE-2014-3153 Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. For the stable distribution (wheezy), these problems have been fixed in version 3.2.57-3+deb7u2. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your linux packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTkFu1AAoJEAVMuPMTQ89EkU8P/3XPmOVUppOUURzEK8T3SwrV wGgGE8Ab51f/bDaI7bzUlQ7q8SkMoPhYbQFYLVcLuMnkKOo4Vgdb5hRHS3BdGnuh UB/X3fzYFZ4NDy07V3LwvSCrTV3gZgB9Mf8HkmohDjeLkBgiTMgcW0K9AAJKqxKY 5vVkvhuufuDB3aX2rtTqoJmOv1kopQB0CI6ESQS2lyu0XeDDibXMAV6N4HIQkasu 5VCr/t6jRbjpBMyENeWzXsGKtllmnGwnwWzkvYg8cpFtZPOeyKtvUBz2a6WdT0u0 x7DLBTIvk7HudBwL9mhOYs9Av1rtnc1Ch9DupJL1XeOew+Bd6o4MXZxTlnJt70JZ U4xb09K607bbMhfTrxkaYp8UMEo1VjeoY3Xi+Qx7qbgVq6BUGko8n93fgYH19/uc q1l3ESDz0bNQneKDNgQJ3es7eVgs4Cxsx+X9R3PxTF5+eH3mtkmJRab7EIgyWYbe Y7JrqX59bMkFRbAHE+9LGYVqbXpBv2Jp3cpeAB0Z/XjGEQY8bRkIYRPE1gz0t+Yn axbkCyfLppAJ3TCnaDEQ658smuMh3donXLevPEN/dIVYzZtXRs32afRutiFysZJa 9azBg91Wi+vX+UDvAn334JnSaaD1OA0WRTq35tDulrZj3Zoo7y/NE6Fk1ibyL8zd 4FS2CjFBWKAMiALb3cTR =EgOI - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU5Ek3xLndAQH1ShLAQLIWA/9HGoIBMobG5hk0+IR7ZlDuhP4Z5ZNSm3k Dg5ouCXc1Ap/cInzv01NKFLgb8zAerldgewGi1jqozWZ7wfcXfr8ZqHaoKSdhn3i 46IE8GsJGF131yRXx0WIhG7hAXLNu6iVjk9XkBeWZyud65yQ3s5n8L9cORioNde0 QSdYOfiHx27xIIKxvL3kD6SNx6F9MgR4XUU1/W6Ltmm9MbiERjQXWB2IbOlC3sGR H3z3ENlW+PfokfgA0X+OpS+ieMWZ6UrqdQUFH2GAy8s1HdiLOZ9j3bpBxCT8jvcs yt5nculXpx5D69gNbIu3vOmWHZ8xDZlaKkG96IUsMa3dTVqBMOR75YbpIMqa1CY5 yIMx5t0MbzNmfEXVB05BsVum6clu9q9HE2xb4dswlRykhw5LoWn3E6nkcvP/2hCj LPA5lfqxgP1oZvVB24F1vesdqDr4rYMgtXB5g9CWetCXu73U0nyr1CmDgyZ494CV 2KJ+44YtMuVH9y0mFDjcGSpjG2tZ4zKfYaNnozGMk46LO25Tdm8gGGXBFoLtDw3u Z6BBzhjiMnnBceRE7U4Cudz2AZ2q7lEdhTnAm5JZZC7FuTtw0ncQkDRmwwYrKfuu a4uqH0H7AIi4Y/h61DwR5E9kzvWvgR6QrUiVGivs0e5rZXUh90nHYkTFQKArREQk PGjLRzXxUjQ= =zQPN -----END PGP SIGNATURE-----