Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-103-1:72B78
HistoryDec 09, 2014 - 1:05 a.m.

[SECURITY] [DLA 103-1] linux-2.6 security update

2014-12-0901:05:55
lists.debian.org
33

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Package : linux-2.6
Version : CVE-2014-90902.6.32-48squeeze9
CVE ID : CVE-2012-6657 CVE-2013-0228 CVE-2013-7266 CVE-2014-4157
CVE-2014-4508 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472

This security upload has been prepared in cooperation of the Debian Kernel,
Security and LTS Teams and features the upstream stable release 2.6.32.64 (see
https://lkml.org/lkml/2014/11/23/181 for more information for that). It fixes
the CVEs described below.

Note: if you are using the openvz flavors, please consider three things: a.)
we haven't got any feedback on them (while we have for all other flavors) b.)
so do your test before deploying them and c.) once you have done so, please
give feedback to [email protected].

If you are not using openvz flavors, please still consider b+c :-)

CVE-2012-6657

Fix the sock_setsockopt function to prevent local users from being able to
cause a denial of service (system crash) attack.

CVE-2013-0228

Fix a XEN priviledge escalation, which allowed guest OS users to gain guest OS
priviledges.

CVE-2013-7266

Fix the mISDN_sock_recvmsg function to prevent local users from obtaining
sensitive information from kernel memory.

CVE-2014-4157

MIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP
restrictions.

CVE-2014-4508

Prevent local users from causing a denial of service (OOPS and system crash)
when syscall auditing is enabled .

CVE-2014-4653
CVE-2014-4654
CVE-2014-4655

Fix the ALSA control implementation to prevent local users from causing a
denial of service attack and from obtaining sensitive information from kernel
memory.

CVE-2014-4943

Fix PPPoL2TP feature to prevent local users to from gaining privileges.

CVE-2014-5077

Prevent remote attackers from causing a denial of service attack involving
SCTP.

CVE-2014-5471
CVE-2014-5472

Fix the parse_rock_ridge_inode_internal function to prevent local users from
causing a denial of service attack via a crafted iso9660 images.

CVE-2014-9090

Fix the do_double_fault function to prevent local users from causing a denial
of service (panic) attack.
Attachment:
signature.asc
Description: This is a digitally signed message part.

OSVersionArchitecturePackageVersionFilename
Debian7i386event-modules-3.2.0-4-486-di< 3.2.60-1event-modules-3.2.0-4-486-di_3.2.60-1_i386.deb
Debian7i386nic-extra-modules-3.2.0-4-486-di< 3.2.60-1nic-extra-modules-3.2.0-4-486-di_3.2.60-1_i386.deb
Debian7mipsfuse-modules-3.2.0-4-sb1-bcm91250a-di< 3.2.60-1fuse-modules-3.2.0-4-sb1-bcm91250a-di_3.2.60-1_mips.deb
Debian7alllinux-doc-3.2< 3.2.60-1linux-doc-3.2_3.2.60-1_all.deb
Debian6amd64linux-headers-2.6.32-5-all< 2.6.32-48squeeze9linux-headers-2.6.32-5-all_2.6.32-48squeeze9_amd64.deb
Debian7armelnbd-modules-3.2.0-4-versatile-di< 3.2.60-1nbd-modules-3.2.0-4-versatile-di_3.2.60-1_armel.deb
Debian7armhfnic-wireless-modules-3.2.0-4-mx5-di< 3.2.60-1nic-wireless-modules-3.2.0-4-mx5-di_3.2.60-1_armhf.deb
Debian7armeluinput-modules-3.2.0-4-kirkwood-di< 3.2.60-1uinput-modules-3.2.0-4-kirkwood-di_3.2.60-1_armel.deb
Debian6i386linux-libc-dev< 2.6.32-48squeeze9linux-libc-dev_2.6.32-48squeeze9_i386.deb
Debian7armhfnic-wireless-modules-3.2.0-4-vexpress-di< 3.2.60-1nic-wireless-modules-3.2.0-4-vexpress-di_3.2.60-1_armhf.deb
Rows per page:
1-10 of 10181

Related

osv 1
openvas 38
nessus 49
oraclelinux 10
securityvulns 5
redhat 7
ubuntu 12
fedora 2
suse 5
veracode 7
centos 4
f5 4
ubuntucve 12
cve 12
prion 12
debiancve 12
mageia 1
canvas 1
exploitdb 1
exploitpack 1
zdt 1
seebug 1
xen 1
osv
osv
linux-2.6 - security update
2014-12-09 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-103-1)
2023-03-08 00:00:00
Oracle: Security Advisory (ELSA-2014-3108)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-3083)
2015-10-06 00:00:00
nessus
nessus
Debian DLA-103-1 : linux-2.6 security update
2015-03-26 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3108)
2014-12-22 00:00:00
RHEL 6 : MRG (RHSA-2014:1083)
2014-08-21 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2014-12-19 00:00:00
Unbreakable Enterprise kernel security update
2014-10-17 00:00:00
Unbreakable Enterprise kernel Security update
2014-10-17 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2014-09-29 00:00:00
[USN-2359-1] Linux kernel vulnerabilities
2014-09-29 00:00:00
[USN-2332-1] Linux kernel vulnerabilities
2014-09-03 00:00:00
redhat
redhat
(RHSA-2014:1083) Important: kernel-rt security and bug fix update
2014-08-20 00:00:00
(RHSA-2014:1997) Important: kernel security and bug fix update
2014-12-16 00:00:00
(RHSA-2015:0803) Important: kernel security and bug fix update
2015-04-14 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2014-09-23 00:00:00
Linux kernel vulnerabilities
2014-09-02 00:00:00
Linux kernel vulnerabilities
2014-09-23 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.16.2-300.fc21
2014-09-23 04:59:50
[SECURITY] Fedora 21 Update: kernel-3.17.4-302.fc21
2014-12-12 04:06:43
suse
suse
Security update for Linux kernel (important)
2014-10-22 21:04:47
Security update for Linux kernel (important)
2014-10-23 01:08:35
Security update for the Linux Kernel (important)
2014-09-16 19:04:20
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:40
Denial Of Service (DoS)
2019-05-02 05:12:39
Denial Of Service (DoS)
2019-05-02 05:12:40
centos
centos
kernel, perf, python security update
2014-12-17 12:13:22
kernel, perf, python security update
2014-10-20 18:09:23
kernel, perf, python security update
2014-10-29 02:12:28
f5
f5
SOL16011 - Linux kernel vulnerability CVE-2012-6657
2015-01-21 00:00:00
K16011 : Linux kernel vulnerability CVE-2012-6657
2015-01-22 00:00:00
SOL15482 - Linux kernel vulnerability CVE-2014-4943
2014-08-05 00:00:00
ubuntucve
ubuntucve
CVE-2012-6657
2014-09-28 00:00:00
CVE-2013-7266
2014-01-06 00:00:00
CVE-2014-4654
2014-07-03 00:00:00
cve
cve
CVE-2013-7266
2014-01-06 16:55:00
CVE-2012-6657
2014-09-28 10:55:00
CVE-2014-4653
2014-07-03 04:22:00
prion
prion
Code injection
2014-09-28 10:55:00
Design/Logic Flaw
2014-07-03 04:22:00
Information disclosure
2014-01-06 16:55:00
debiancve
debiancve
CVE-2012-6657
2014-09-28 10:55:00
CVE-2013-7266
2014-01-06 16:55:00
CVE-2014-4654
2014-07-03 04:22:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-08-06 01:36:30
canvas
canvas
Immunity Canvas: LINUX_PPPOL2TP
2014-07-19 19:55:00
exploitdb
exploitdb
Linux x86 - Socket Re-use Shellcode 50 bytes
2014-07-14 00:00:00
exploitpack
exploitpack
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
2015-03-04 00:00:00
zdt
zdt
Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC
2015-03-05 00:00:00
seebug
seebug
Linux Kernel 本地权限提升漏洞(CVE-2013-0228)
2013-03-10 00:00:00
xen
xen
Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
2013-02-12 12:00:00

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for DEBIAN:DLA-103-1:72B78
osv1openvas38nessus49oraclelinux10securityvulns5redhat7ubuntu12fedora2suse5veracode7centos4f54ubuntucve12cve12prion12debiancve12mageia1canvas1exploitdb1exploitpack1zdt1seebug1xen1