Debian Security Advisory DSA 2632-1 (linux-2.6 - privilege escalation/denial of service)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.9

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

9 years ago

Modified

Modified

6 months ago

Summary

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0231 Jan Beulich provided a fix for an issue in the Xen PCI backend drivers. Users of guests on a system using passed-through PCI devices can create a denial of service of the host system due to the use of non-ratelimited kernel log messages. CVE-2013-0871 Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin and Michael Davidson of Google, discovered an issue in the ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users can cause kernel stack corruption and execution of arbitrary code.

Affected Software

Affected Software

linux-2.6 on Debian Linux

Detection Method

Detection Method

This check tests the installed software version using the apt package manager.

Solution

Solution

For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze1. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: ?Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+48squeeze1 We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Common Vulnerabilities and Exposures (CVE)

Free Vulnerability Scanner

Mageni can help you to scan, assess and manage your vulnerabilities.

Processing. Please wait...

We care about the protection of your data. Read our Privacy Policy.