[continued from previous message]
denial of service or possibly to execute arbitrary code on a
system with Bluetooth enabled.
CVE-2017-1000252 (stretch only)
Jan H. Schoenherr of Amazon reported that the KVM implementation
for Intel x86 processors did not correctly validate interrupt
injection requests. A local user with permission to use KVM could
use this for denial of service.
CVE-2017-1000370
The Qualys Research Labs reported that a large argument or
environment list can result in ASLR bypass for 32-bit PIE binaries.
CVE-2017-1000371
The Qualys Research Labs reported that a large argument
orenvironment list can result in a stack/heap clash for 32-bit
PIE binaries.
CVE-2017-1000380
Alexander Potapenko of Google reported a race condition in the ALSA
(sound) timer driver, leading to an information leak. A local user
with permission to access sound devices could use this to obtain
sensitive information.
Debian disables unprivileged user namespaces by default, but if they
are enabled (via the kernel.unprivileged_userns_clone sysctl) then CVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited
by any local user.
For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.43-2+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 4.9.30-2+deb9u5.
We recommend that you upgrade your linux packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnC3oNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TV4A//YKPZIGwx784py9DEwJuPApBQD0OKxbry0Rvz16bvE+Oi4iVlLsjXb1WP thCzf9CiCHPIM0pBjMUWYGWyoRFcjDtvXOSSYG8SpiwpK7jVRlqgZz1CzSoJhEaC a/twAzmT/+AHMNwCmryk29qGHr/TqbKe8hsHcuiBo9TWjqsZWalsUvau1mGhMGXd U0gDBqy3lS1YsLwGpkeF0zY3x6As7D6W4cB4R7nn2dWzObb8fEItn+4ZO/3wpgiR iTPF2MtdfjLIWwsDcXmmCt6mlhr8dztpYKxKWce33rnwVV4SfTidJNcXm2xsfS7Y yprrFX7FUV/MHvdsvnVWI+SardVgP7KCcB2S+j1WzBtuKJ5YnSDqwDowDJ9mZia3 MrOXAr/NaBmQxTDNB0O6s8knNXIOvfSl+TNMAVVTN2o1bBg+dVg/Enu0C6I1Ui9c 9JbbEd1n4dOxbHE+9XSeAK8F9sDdAxmy1xpPFd6h+eFNFC7dQ6XYrjArSsEOcSEv Yi3TOtdveFWLHCjgpkfEaqWYGZ1tiBjaVqyN5ItNjy3Kn4beyUcWOg2w7PwoK/lc wgF5z+hjEZ9ottwTddRlwqb1HdjCYA4SOa6ojF7euCwCM9hq1gv2PMlXSHGYjo3d F5Ua2VpPcCc+hmGN6mm56zeAZ+boFwIqxiCIOTGfjrusseJBmkY=
=EuYF
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)