1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3607-1] linux security update (2/2)

    From Salvatore Bonaccorso@1:229/2 to All on Tue Jun 28 12:00:02 2016
    [continued from previous message]

    Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA
    timer, x25, tipc, and rds facilities leaked information from the
    kernel stack.

    CVE-2016-4565

    Jann Horn of Google Project Zero reported that various components
    in the InfiniBand stack implemented unusual semantics for the
    write() operation. On a system with InfiniBand drivers loaded,
    local users could use this for denial of service or privilege
    escalation.

    CVE-2016-4581

    Tycho Andersen discovered that in some situations the Linux kernel
    did not handle propagated mounts correctly. A local user can take
    advantage of this flaw to cause a denial of service (system crash).

    CVE-2016-4805

    Baozeng Ding discovered a use-after-free in the generic PPP layer in
    the Linux kernel. A local user can take advantage of this flaw to
    cause a denial of service (system crash), or potentially escalate
    their privileges.

    CVE-2016-4913

    Al Viro found that the ISO9660 filesystem implementation did not
    correctly count the length of certain invalid name entries.
    Reading a directory containing such name entries would leak
    information from kernel memory. Users permitted to mount disks or
    disk images could use this to obtain sensitive information.

    CVE-2016-4997 / CVE-2016-4998

    Jesse Hertz and Tim Newsham discovered that missing input sanitising
    in Netfilter socket handling may result in denial of service. Debian
    disables unprivileged user namespaces by default, if locally enabled
    with the kernel.unprivileged_userns_clone sysctl, this also allows
    privilege escalation.

    For the stable distribution (jessie), these problems have been fixed in
    version 3.16.7-ckt25-2+deb8u2.

    We recommend that you upgrade your linux packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJXckE+AAoJEAVMuPMTQ89EbVoP/2hxxkUZ6hmCNzqfAdVglANg xzBg+dWsE/1Q8gl2OiMrxV8Dy/v9+3Xl2lI0Lldx0zDRSqImvxzCm6Fhhye/OiRD BWeVdeHFdUNTv6MQQ9qFH6ykbz4TQhKPBbbCN0LbbsFa2I1LQNirvMM0fNu915U+ JgMP0JtkvbLZNzT8tg2hR+KkHaZJp+HIZsQD4a8dCPNZVrQJNZt6FFfE0M01IQSw KnjAmzp9om9CAfrTPyu2bnHXa9ktmU2zOeat267TKzSB8zw1/AlHDpf/sODd6uTi lTeInri1NNc2r2VS5mAUWwTUHOHPLPS2PTH+Dpd0vla1qcbUFArfFONgICH3VnYs kqL/Y5ZlhzVC+YXOUDdw+poTSYL/sxTYU+8OImSXbVrhAOT0xTlXX80fqjZJ+lvM 1edtWoZQcpQQ7hZNq919LOrd770e3hkfFHTogwLQ3ROADxGGpOCcsySPDS1Xl2bX b+7HAagYfYknzF2UyZjmc4zn3BtGYYeHkKAWfeuj3U6V5JV2wut/vTHaSgYt4Jue Efy3745ZOZGVcj0UJ6YhN7BNY/kpsfeaiTMcismkU0ywKaINY8rX2GjdX68xmGaa Cs//sGmMSbTNb7JjqdHWY5GJG+q6qUzSyPsSiNfv8F+EsPW/u5PEl/VEo9nl2uvm bXgDVs7M9codkftA8ma7
    =LawE
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)