Description:
Summary: The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DSA-2668-1 advisory.
Vulnerability Insight: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2012-2121
Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots used in KVM device assignment. Local users with the ability to assign devices could cause a denial of service due to a memory page leak.
CVE-2012-3552
Hafid Lin reported an issue in the IP networking subsystem. A remote user can cause a denial of service (system crash) on servers running applications that set options on sockets which are actively being processed.
CVE-2012-4461
Jon Howell reported a denial of service issue in the KVM subsystem. On systems that do not support the XSAVE feature, local users with access to the /dev/kvm interface can cause a system crash.
CVE-2012-4508
Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4 filesystem. Local users could gain access to sensitive kernel memory.
CVE-2012-6537
Mathias Krause discovered information leak issues in the Transformation user configuration interface. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.
CVE-2012-6539
Mathias Krause discovered an issue in the networking subsystem. Local users on 64-bit systems can gain access to sensitive kernel memory.
CVE-2012-6540
Mathias Krause discovered an issue in the Linux virtual server subsystem. Local users can gain access to sensitive kernel memory. Note: this issue does not affect Debian provided kernels, but may affect custom kernels built from Debian's linux-source-2.6.32 package.
CVE-2012-6542
Mathias Krause discovered an issue in the LLC protocol support code. Local users can gain access to sensitive kernel memory.
CVE-2012-6544
Mathias Krause discovered issues in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory.
CVE-2012-6545
Mathias Krause discovered issues in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory.
CVE-2012-6546
Mathias Krause discovered issues in the ATM networking support. Local users can gain access to sensitive kernel memory.
CVE-2012-6548
Mathias Krause discovered an issue in the UDF file system support. Local users can obtain access to sensitive kernel memory.
CVE-2012-6549
Mathias Krause discovered an issue in the isofs file system support. Local users can obtain access to sensitive kernel memory.
CVE-2013-0349
Anderson Lizardo discovered an issue in the Bluetooth Human Interface Device Protocol (HIDP) stack. Local users can obtain access to sensitive kernel memory.
CVE-2013-0914
Emese Revfy discovered an issue in the signal implementation. Local users may be able to bypass the address space layout randomization (ASLR) facility due to a leaking of ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS: 'linux-2.6' package(s) on Debian 6.
Solution: Please install the updated package(s).
CVSS Score: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C