linux - security update

2014-07-0600:00:00

Google

osv.dev

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Andy Lutomirski discovered that the ptrace syscall was not verifying the
RIP register to be valid in the ptrace API on x86_64 processors. An
unprivileged user could use this flaw to crash the kernel (resulting in
denial of service) or for privilege escalation.

For the stable distribution (wheezy), this problem has been fixed in
version 3.2.60-1+deb7u1. In addition, this update contains several
bugfixes originally targeted for the upcoming Wheezy point release.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your linux packages.

CPENameOperatorVersion
linuxeq3.2.54-1
linuxeq3.2.41-2
linuxeq3.2.46-1~bpo60+1
linuxeq3.2.57-1
linuxeq3.2.41-2+deb7u2~bpo60+1
linuxeq3.2.41-2+deb7u1
linuxeq3.2.57-3+deb7u2~bpo60+1
linuxeq3.2.54-2~bpo60+1
linuxeq3.2.60-1
linuxeq3.2.53-1

Name	Operator	Version
linux	eq	3.2.54-1
linux	eq	3.2.41-2
linux	eq	3.2.46-1~bpo60+1
linux	eq	3.2.57-1
linux	eq	3.2.41-2+deb7u2~bpo60+1
linux	eq	3.2.41-2+deb7u1
linux	eq	3.2.57-3+deb7u2~bpo60+1
linux	eq	3.2.54-2~bpo60+1
linux	eq	3.2.60-1
linux	eq	3.2.53-1