Package : linux-2.6 Version : 2.6.32-48squeeze20 CVE ID : CVE-2015-8812 CVE-2016-0774 CVE-2016-2384 This update fixes the CVEs described below. CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation. CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. CVE-2016-2384 Andrey Konovalov found that a USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation. Additionally, it fixes some old security issues with no CVE ID: Several kernel APIs permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated. Finally, it fixes a regression in 2.6.32-48squeeze17 that would cause Samba to hang in some situations. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze20. This is *really* the final update to the linux-2.6 package for squeeze. For the oldstable distribution (wheezy), the kernel was not affected by the integer overflow issues and the remaining problems will be fixed in version 3.2.73-2+deb7u3. For the stable distribution (jessie), the kernel was not affected by the integer overflow issues or CVE-2016-0774, and the remaining problems will be fixed in version 3.16.7-ckt20-1+deb8u4. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
Attachment:
signature.asc
Description: This is a digitally signed message part