===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0710
                           linux security update
                                13 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Linux variants
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3122 CVE-2014-2851 CVE-2014-1738
                   CVE-2014-1737 CVE-2014-0196

Original Bulletin:
   http://www.debian.org/security/2014/dsa-2926

Comment: This advisory references vulnerabilities in the Linux kernel that
         also affect distributions other than Debian. It is recommended
         that administrators running Linux check for an updated version
         of the kernel for their system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2926-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 12, 2014                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2851
                 CVE-2014-3122

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service, information leaks or privilege escalation:

CVE-2014-0196

    Jiri Slaby discovered a race condition in the pty layer, which could
    lead to denial of service or privilege escalation.

CVE-2014-1737 / CVE-2014-1738

    Matthew Daley discovered that missing input sanitising in the
    FDRAWCMD ioctl and an information leak could result in privilege
    escalation.

CVE-2014-2851

    Incorrect reference counting in the ping_init_sock() function allows
    denial of service or privilege escalation.

CVE-2014-3122

    Incorrect locking of memory can result in local denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.57-3+deb7u1. This update also fixes a regression in the isci
driver and suspend problems with certain AMD CPUs (introduced in the
updated kernel from the Wheezy 7.5 point release).

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
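
Added example (not part of the Debian advisory or the AusCERT bulletin): a check of an installed kernel package version against the fixed wheezy version 3.2.57-3+deb7u1 given above, using a small reimplementation of dpkg's version ordering. The function names and sample versions are constructed for illustration; on a Debian host `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

FIXED_WHEEZY = "3.2.57-3+deb7u1"  # fixed version stated in the advisory (wheezy)

def _order(c):
    """dpkg sort weight of a non-digit character; '' marks the end of a run."""
    if c == "":
        return 0
    if c == "~":
        return -1  # tilde sorts before everything, even the end of the string
    return ord(c) if c.isalpha() else ord(c) + 256  # letters before other symbols

def _cmp_part(a, b):
    """Compare two upstream or revision strings; negative, zero or positive."""
    runs_a = re.findall(r"(\D*)(\d*)", a)  # alternating non-digit / digit runs
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision] into its three fields."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Order two Debian version strings: epoch, then upstream, then revision."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(installed, fixed=FIXED_WHEEZY):
    """True when the installed package version is at or above the fixed one."""
    return compare(installed, fixed) >= 0

# Constructed sample versions (not taken from the advisory), in the form that
# `dpkg-query -W -f='${Version}'` reports for an installed kernel image package.
SAMPLES = ["3.2.54-2", "3.2.57-3", "3.2.57-3+deb7u1", "3.2.57-3+deb7u2"]

if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v:20} {'patched' if is_patched(v) else 'VULNERABLE'}")
```

The package version only shows what is installed; the fixed kernel is in use once the system has booted into it.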