Changelog
user-mode-linux (3.2-2um-1+deb7u1) wheezy-security; urgency=high
* Rebuild against linux-source-3.2 (3.2.41-2+deb7u2):
* perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
* TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
* ext4: avoid hang when mounting non-journal filesystems with orphan list
(CVE-2013-2015)
* crypto: algif - suppress sending source address information in recvmsg
(CVE-2013-3076)
* atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
* ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
* Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
* Bluetooth: RFCOMM - Fix missing msg_namelen update in
rfcomm_sock_recvmsg() (CVE-2013-3225)
* caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
(CVE-2013-3227)
* irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
(CVE-2013-3228)
* iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
(CVE-2013-3229)
* llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
* rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
* tipc: fix info leaks via msg_name in recv_msg/recv_stream (CVE-2013-3235)
* tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
* [x86] KVM: Allow cross page reads and writes from cached translations.
(fixes regression in fix for CVE-2013-1796)
* net: fix incorrect credentials passing (CVE-2013-1979)
* tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
* kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
-- dann frazier <email address hidden> Wed, 15 May 2013 15:34:24 -0600
