CVSS2: 7.1 High (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
This security upload has been prepared in cooperation between the Debian Kernel,
Security and LTS Teams and features the upstream stable release 2.6.32.64 (see
<https://lkml.org/lkml/2014/11/23/181> for more information). It fixes
the CVEs described below.
Note: if you are using the openvz flavors, please consider three things: a.)
we haven’t got any feedback on them (while we have for all other flavors), b.)
so do your own testing before deploying them, and c.) once you have done so, please
give feedback to [email protected].
If you are not using openvz flavors, please still consider b+c :-)
Fix the ALSA control implementation to prevent local users from causing a
denial of service attack and from obtaining sensitive information from kernel
memory.
Fix the parse_rock_ridge_inode_internal function to prevent local users from
causing a denial of service attack via a crafted iso9660 image.
For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze9.