linux-2.6 - several

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

• CVE-2012-2121
  Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
  mapping of memory slots used in KVM device assignment. Local users with
  the ability to assign devices could cause a denial of service due to a
  memory page leak.
• CVE-2012-3552
  Hafid Lin reported an issue in the IP networking subsystem. A remote user
  can cause a denial of service (system crash) on servers running
  applications that set options on sockets which are actively being
  processed.
• CVE-2012-4461
  Jon Howell reported a denial of service issue in the KVM subsystem.
  On systems that do not support the XSAVE feature, local users with
  access to the /dev/kvm interface can cause a system crash.
• CVE-2012-4508
  Dmitry Monakhov and Theodore Ts’o reported a race condition in the ext4
  filesystem. Local users could gain access to sensitive kernel memory.
• CVE-2012-6537
  Mathias Krause discovered information leak issues in the Transformation
  user configuration interface. Local users with the CAP_NET_ADMIN capability
  can gain access to sensitive kernel memory.
• CVE-2012-6539
  Mathias Krause discovered an issue in the networking subsystem. Local
  users on 64-bit systems can gain access to sensitive kernel memory.
• CVE-2012-6540
  Mathias Krause discovered an issue in the Linux virtual server subsystem.
  Local users can gain access to sensitive kernel memory. Note: this issue
  does not affect Debian provided kernels, but may affect custom kernels
  built from Debian’s linux-source-2.6.32 package.
• CVE-2012-6542
  Mathias Krause discovered an issue in the LLC protocol support code.
  Local users can gain access to sensitive kernel memory.
• CVE-2012-6544
  Mathias Krause discovered issues in the Bluetooth subsystem.
  Local users can gain access to sensitive kernel memory.
• CVE-2012-6545
  Mathias Krause discovered issues in the Bluetooth RFCOMM protocol
  support. Local users can gain access to sensitive kernel memory.
• CVE-2012-6546
  Mathias Krause discovered issues in the ATM networking support. Local
  users can gain access to sensitive kernel memory.
• CVE-2012-6548
  Mathias Krause discovered an issue in the UDF file system support.
  Local users can obtain access to sensitive kernel memory.
• CVE-2012-6549
  Mathias Krause discovered an issue in the isofs file system support.
  Local users can obtain access to sensitive kernel memory.
• CVE-2013-0349
  Anderson Lizardo discovered an issue in the Bluetooth Human Interface
  Device Protocol (HIDP) stack. Local users can obtain access to sensitive
  kernel memory.
• CVE-2013-0914
  Emese Revfy discovered an issue in the signal implementation. Local
  users may be able to bypass the address space layout randomization (ASLR)
  facility due to a leaking of information to child processes.
• CVE-2013-1767
  Greg Thelen reported an issue in the tmpfs virtual memory filesystem.
  Local users with sufficient privilege to mount filesystems can cause
  a denial of service or possibly elevated privileges due to a use-after free defect.
• CVE-2013-1773
  Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion
  facility used by the VFAT filesystem. A local user could cause a buffer
  overflow condition, resulting in a denial of service or potentially
  elevated privileges.
• CVE-2013-1774
  Wolfgang Frisch provided a fix for a NULL-pointer dereference defect
  in the driver for some serial USB devices from Inside Out Networks.
  Local users with permission to access these devices can create a denial
  of service (kernel oops) by causing the device to be removed while it is
  in use.
• CVE-2013-1792
  Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition
  in the access key retention support in the kernel. A local user could
  cause a denial of service (NULL pointer dereference).
• CVE-2013-1796
  Andrew Honig of Google reported an issue in the KVM subsystem. A user in
  a guest operating system could corrupt kernel memory, resulting in a
  denial of service.
• CVE-2013-1798
  Andrew Honig of Google reported an issue in the KVM subsystem. A user in
  a guest operating system could cause a denial of service due to a use after-free defect.
• CVE-2013-1826
  Mathias Krause discovered an issue in the Transformation (XFRM) user
  configuration interface of the networking stack. A user with the
  CAP_NET_ADMIN capability may be able to gain elevated privileges.
• CVE-2013-1860
  Oliver Neukum discovered an issue in the USB CDC WCM Device Management
  driver. Local users with the ability to attach devices can cause a
  denial of service (kernel crash) or potentially gain elevated privileges.
• CVE-2013-1928
  Kees Cook provided a fix for an information leak in the
  VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit
  kernel. Local users can gain access to sensitive kernel memory.
• CVE-2013-1929
  Oded Horovitz and Brad Spengler reported an issue in the device driver for
  Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
  untrusted devices can create an overflow condition, resulting in a denial
  of service or elevated privileges.
• CVE-2013-2015
  Theodore Ts’o provided a fix for an issue in the ext4 filesystem. Local
  users with the ability to mount a specially crafted filesystem can cause
  a denial of service (infinite loop).
• CVE-2013-2634
  Mathias Krause discovered a few issues in the Data Center Bridging (DCB)
  netlink interface. Local users can gain access to sensitive kernel memory.
• CVE-2013-3222
  Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM)
  protocol support. Local users can gain access to sensitive kernel memory.
• CVE-2013-3223
  Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol
  support. Local users can gain access to sensitive kernel memory.
• CVE-2013-3224
  Mathias Krause discovered an issue in the Bluetooth subsystem. Local users
  can gain access to sensitive kernel memory.
• CVE-2013-3225
  Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol
  support. Local users can gain access to sensitive kernel memory.
• CVE-2013-3228
  Mathias Krause discovered an issue in the IrDA (infrared) subsystem
  support. Local users can gain access to sensitive kernel memory.
• CVE-2013-3229
  Mathias Krause discovered an issue in the IUCV support on s390 systems.
  Local users can gain access to sensitive kernel memory.
• CVE-2013-3231
  Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2
  protocol support. Local users can gain access to sensitive kernel memory.
• CVE-2013-3234
  Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose)
  protocol support. Local users can gain access to sensitive kernel memory.
• CVE-2013-3235
  Mathias Krause discovered an issue in the Transparent Inter Process
  Communication (TIPC) protocol support. Local users can gain access to
  sensitive kernel memory.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze3.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or “leap-frog” fashion.