1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3448-1] linux security update

    From Salvatore Bonaccorso@1:229/2 to All on Tue Jan 19 13:50:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3448-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 19, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : linux
    CVE ID : CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2016-0723
    CVE-2016-0728

    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation or denial-of-service.

    CVE-2013-4312

    Tetsuo Handa discovered that it is possible for a process to open
    far more files than the process' limit leading to denial-of-service
    conditions.

    CVE-2015-7566

    Ralf Spenneberg of OpenSource Security reported that the visor
    driver crashes when a specially crafted USB device without bulk-out
    endpoint is detected.

    CVE-2015-8767

    An SCTP denial-of-service was discovered which can be triggered by a
    local attacker during a heartbeat timeout event after the 4-way
    handshake.

    CVE-2016-0723

    A use-after-free vulnerability was discovered in the TIOCGETD ioctl.
    A local attacker could use this flaw for denial-of-service.

    CVE-2016-0728

    The Perception Point research team discovered a use-after-free
    vulnerability in the keyring facility, possibly leading to local
    privilege escalation.

    For the stable distribution (jessie), these problems have been fixed in
    version 3.16.7-ckt20-1+deb8u3.

    We recommend that you upgrade your linux packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWni1mAAoJEAVMuPMTQ89EYvkP/Rmqrwxv1M+z4qj3OmfF81Q+ zj5Kd9nrvolH/asFac3URBHurSQby3JRgwxtqJuTrc68xBn147CQWaDM5nU9/HBi Dt3eceDxsGBo9W8FJEpE6Yk4a3NyNiEOnT7gLFfSjFkmyGr3a6+7b1VPAEcsDeBV FbA40UhrDnZYoeqqBFOGqedzFBioSafd+AQOYNqCjNByNq5i3SxMgS3XCECrruUr yGfR+0RD5EibvcUddzduuGOvjmaW+mPK6OTVir2f6AwJFdSOJEegkSZRkLeBJgYL Lfk131dlJ6gwelAaGOJA9wAqSPVIFe9h+jFh2DTQ6q5Lrg5dchkibbb2eSuoqRO1 Fa1cXW33k8YSilTzvy7pO1Snrp2YhGKK3RPo5PNAsdmOiuzSkI9PUw+khz/TtJ9N XSKmOGd3ZT3R81UuEiXTdJVzVsRS+jLpgQ2jjOlvDb5ldQgn9tirL36/isSRcM64 IGnJlLHxhzBv+GQyziVDy37ois2dYT3in6ls2tI7rHoYhaEyOwPyCn98/IJqPxea SIeLGxStaaCGqgDaFqCJbRuAZGFqpwZLKSd9/HycA7jTJbfrdzD74eDFc8LvGYly Il1vpT8Ekfxh9L4o+HkzVkme7dkYt5SmLGvN1euTUdjsuo87r3OwN0OKVhXrFoAV qaetOmH+fJB1/jo9jPLH
    =fylF
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)