• Re: [SECURITY] [DSA 3329-1] linux security update (2/2)

    From Rui Ribeiro@1:229/2 to Salvatore Bonaccorso on Fri Aug 7 13:00:01 2015
    [continued from previous message]

    <div dir="ltr">Done, and the DNS servers and Radius, which is based on UDP services, have been rebooted.</div><div class="gmail_extra"><br><div class="gmail_quote">On 7 August 2015 at 08:18, Salvatore Bonaccorso <span dir="ltr">&lt;<a href="mailto:[email protected]"
    target="_blank">[email protected]</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
    Hash: SHA512<br>

    - -------------------------------------------------------------------------<br>
    Debian Security Advisory DSA-3329-1                   <a href="mailto:[email protected]">[email protected]</a><br>
    <a href="https://www.debian.org/security/" rel="noreferrer" target="_blank">https://www.debian.org/security/</a>                     Salvatore Bonaccorso<br>
    August 07, 2015                       <a href="https://www.debian.org/security/faq" rel="noreferrer" target="_blank">https://www.debian.org/security/faq</a><br>
    - -------------------------------------------------------------------------<br>

    Package        : linux<br>
    CVE ID         : CVE-2015-1333 CVE-2015-3212 CVE-2015-4692 CVE-2015-4700<br>
                     CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5706<br>
                     CVE-2015-5707<br>

    Several vulnerabilities have been discovered in the Linux kernel<br>
    that may lead to a privilege escalation, denial of service or<br>
    information leak.<br>

    CVE-2015-1333<br>

        Colin Ian King discovered a flaw in the add_key function of the<br>
        Linux kernel&#39;s keyring subsystem. A local user can exploit this flaw<br>
        to cause a denial of service due to memory exhaustion.<br>

    CVE-2015-3212<br>

        Ji Jianwen of Red Hat Engineering discovered a flaw in the handling<br>
        of the SCTP's automatic handling of dynamic multi-homed connections.<br>
        A local attacker could use this flaw to cause a crash or potentially<br>
        for privilege escalation.<br>

    CVE-2015-4692<br>

        A NULL pointer dereference flaw was found in the<br>
        kvm_apic_has_events function in the KVM subsystem. An unprivileged<br>
        local user could exploit this flaw to crash the system kernel<br>
        resulting in denial of service.<br>

    CVE-2015-4700<br>

        Daniel Borkmann discovered a flaw in the Linux kernel implementation<br>
        of the Berkeley Packet Filter which can be used by a local user to<br>
        crash the system.<br>

    CVE-2015-5364<br>

        It was discovered that the Linux kernel does not properly handle<br>
        invalid UDP checksums. A remote attacker could exploit this flaw to<br>
        cause a denial of service using a flood of UDP packets with invalid<br>
        checksums.<br>

    CVE-2015-5366<br>

        It was discovered that the Linux kernel does not properly handle<br>
        invalid UDP checksums. A remote attacker can cause a denial of<br>
        service against applications that use epoll by injecting a single<br>
        packet with an invalid checksum.<br>

    CVE-2015-5697<br>

        A flaw was discovered in the md driver in the Linux kernel leading<br>
        to an information leak.<br>

    CVE-2015-5706<br>

        A user-triggerable use-after-free vulnerability in path lookup in<br>
        the Linux kernel could potentially lead to privilege escalation.<br>

    CVE-2015-5707<br>

        An integer overflow in the SCSI generic driver in the Linux kernel<br>
        was discovered. A local user with write permission on a SCSI generic<br>
        device could potentially exploit this flaw for privilege escalation.<br>

    For the oldstable distribution (wheezy), these problems have been fixed<br>
    in version 3.2.68-1+deb7u3. CVE-2015-1333, CVE-2015-4692 and<br>
    CVE-2015-5706 do not affect the wheezy distribution.<br>

    For the stable distribution (jessie), these problems have been fixed in<br>
    version 3.16.7-ckt11-1+deb8u3, except CVE-2015-5364 and CVE-2015-5366<br>
    which were fixed already in DSA-3313-1.<br>

    For the unstable distribution (sid), these problems have been fixed in<br>
    version 4.1.3-1 or earlier versions.<br>

    We recommend that you upgrade your linux packages.<br>

    Further information about Debian Security Advisories, how to apply<br>
    these updates to your system and frequently asked questions can be<br>
    found at: <a href="https://www.debian.org/security/" rel="noreferrer" target="_blank">https://www.debian.org/security/</a><br>

    Mailing list: <a href="mailto:[email protected]">[email protected]</a><br>
    <span class="HOEnZb"><font color="#888888"><br>

    --<br>
    To UNSUBSCRIBE, email to <a href="mailto:[email protected]">[email protected]</a><br>
    with a subject of &quot;unsubscribe&quot;. Trouble? Contact <a href="mailto:[email protected]">[email protected]</a><br>
    Archive: <a href="https://lists.debian.org/[email protected]" rel="noreferrer" target="_blank">https://lists.debian.org/[email protected]</a><br>

    </font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br></div><div><br></div><div>--</div><div>Rui Ribeiro</div><div>Senior Sysadm</div><div>ISCTE-IUL</div><div><a href="https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434" style="color:rgb(17,85,204)" target="_blank">https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434</a></div></div></div>
    </div>


    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)