| Description: | Summary:
The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DSA-2906-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2013-0343
George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.
CVE-2013-2147
Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.
CVE-2013-2889
Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.
CVE-2013-2893
Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.
CVE-2013-2929
Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of 2 are vulnerable.
CVE-2013-4162
Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.
CVE-2013-4299
Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.
CVE-2013-4345
Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.
CVE-2013-4512
Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.
CVE-2013-4587
Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.
CVE-2013-6367
Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).
CVE-2013-6380
Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.
CVE-2013-6381
Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.
CVE-2013-6382
Nico Golde and Fabian Yamaguchi reported an issue in the ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-2.6' package(s) on Debian 6.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
