BugTraq
[SECURITY] [DSA 2949-1] linux security update Jun 05 2014 12:15PM
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2949-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2014 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
-

Package : linux
CVE ID : CVE-2014-3144 CVE-2014-3145 CVE-2014-3153

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation:

CVE-2014-3144 / CVE-2014-3145

A local user can cause a denial of service (system crash) via
crafted BPF instructions.

CVE-2014-3153

Pinkie Pie discovered an issue in the futex subsystem that allows a
local user to gain ring 0 control via the futex syscall. An
unprivileged user could use this flaw to crash the kernel (resulting
in denial of service) or for privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.57-3+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTkFu1AAoJEAVMuPMTQ89EkU8P/3XPmOVUppOUURzEK8T3SwrV
wGgGE8Ab51f/bDaI7bzUlQ7q8SkMoPhYbQFYLVcLuMnkKOo4Vgdb5hRHS3BdGnuh
UB/X3fzYFZ4NDy07V3LwvSCrTV3gZgB9Mf8HkmohDjeLkBgiTMgcW0K9AAJKqxKY
5vVkvhuufuDB3aX2rtTqoJmOv1kopQB0CI6ESQS2lyu0XeDDibXMAV6N4HIQkasu
5VCr/t6jRbjpBMyENeWzXsGKtllmnGwnwWzkvYg8cpFtZPOeyKtvUBz2a6WdT0u0
x7DLBTIvk7HudBwL9mhOYs9Av1rtnc1Ch9DupJL1XeOew+Bd6o4MXZxTlnJt70JZ
U4xb09K607bbMhfTrxkaYp8UMEo1VjeoY3Xi+Qx7qbgVq6BUGko8n93fgYH19/uc
q1l3ESDz0bNQneKDNgQJ3es7eVgs4Cxsx+X9R3PxTF5+eH3mtkmJRab7EIgyWYbe
Y7JrqX59bMkFRbAHE+9LGYVqbXpBv2Jp3cpeAB0Z/XjGEQY8bRkIYRPE1gz0t+Yn
axbkCyfLppAJ3TCnaDEQ658smuMh3donXLevPEN/dIVYzZtXRs32afRutiFysZJa
9azBg91Wi+vX+UDvAn334JnSaaD1OA0WRTq35tDulrZj3Zoo7y/NE6Fk1ibyL8zd
4FS2CjFBWKAMiALb3cTR
=EgOI
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus