[SECURITY] [DSA 2949-1] linux security update

ID DEBIAN:DSA-2949-1:5D47D
Type debian
Reporter Debian
Modified 2014-06-05T12:16:16


Debian Security Advisory DSA-2949-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso June 05, 2014 http://www.debian.org/security/faq

Package : linux CVE ID : CVE-2014-3144 CVE-2014-3145 CVE-2014-3153

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:

CVE-2014-3144 / CVE-2014-3145

A local user can cause a denial of service (system crash) via
crafted BPF instructions.


Pinkie Pie discovered an issue in the futex subsystem that allows a
local user to gain ring 0 control via the futex syscall. An
unprivileged user could use this flaw to crash the kernel (resulting
in denial of service) or for privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.57-3+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org