Reference: CERT-EU Security Advisory 2013-0040

Title: Linux kernel Local Vulnerabilities

Version history:
25.04.2013 Initial publication

Summary
=======

The Linux kernel has several vulnerabilities that can be used to cause a denial of service or to escalate privileges. An attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successful exploitation may result in the complete compromise of the affected computers.

CVE numbers:
CVE-2013-0913 7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) [1]
CVE-2013-1773 6.2 (MEDIUM) (AV:L/AC:H/Au:N/C:C/I:C/A:C) [2]

Vulnerable systems
==================

This depends on the vulnerability; refer to the original information.

Original Details
================

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913)

* A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773)

What can you do?
================

Fix is vendor dependent.

What to tell your users?
========================

N/A

More information
================

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0913
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1773
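
The precondition given for CVE-2013-1773 (a FAT file system mounted with utf8 enabled) can be checked per host while the vendor fix is pending. The Python below is an added example, not part of the CERT-EU advisory; it assumes the fstab / /proc/mounts column layout, treats only vfat entries as relevant, and takes the user, users, owner and group options as the marks of an entry a non-root user can mount.

```python
# Added example: audit a mount table for FAT entries with utf8 enabled,
# the precondition the advisory gives for CVE-2013-1773.
# Assumption: input uses the fstab / /proc/mounts column layout
# (device, mount point, fstype, comma-separated options, ...).

FAT_TYPES = {"vfat"}  # assumption: utf8 is an option of the vfat driver
USER_MOUNT_OPTS = {"user", "users", "owner", "group"}  # non-root may mount
TRUE_VALUES = {"1", "yes", "true"}


def utf8_enabled(options):
    """True if the option list turns utf8 on (a later setting overrides)."""
    enabled = False
    for opt in options:
        key, _, value = opt.partition("=")
        if key == "utf8":
            # A bare "utf8" (as /proc/mounts prints it) counts as enabled.
            enabled = value == "" or value.lower() in TRUE_VALUES
    return enabled


def audit(table_text):
    """Return one finding per FAT entry that has utf8 enabled."""
    findings = []
    for line in table_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # fstab comment line
        fields = line.split()
        if len(fields) < 4 or fields[2] not in FAT_TYPES:
            continue
        options = fields[3].split(",")
        if utf8_enabled(options):
            findings.append({
                "device": fields[0],
                "mountpoint": fields[1],
                "user_mountable": bool(USER_MOUNT_OPTS & set(options)),
            })
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = """\
# <device> <mountpoint> <type> <options> <dump> <pass>
/dev/sda1  /boot/efi   vfat  umask=0077,utf8=1          0 1
/dev/sdb1  /media/usb  vfat  noauto,user,utf8           0 0
/dev/sdc1  /mnt/old    vfat  rw,utf8=0,iocharset=ascii  0 0
/dev/sda2  /           ext4  errors=remount-ro          0 1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a live host, pass the contents of /proc/mounts or /etc/fstab to audit(); entries reported with user_mountable set are the ones an unprivileged local user can mount.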