[SECURITY] [DLA 670-1] linux security update

Package        : linux
Version        : 3.2.82-1
CVE ID         : CVE-2015-8956 CVE-2016-5195 CVE-2016-7042 CVE-2016-7425

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information


    It was discovered that missing input sanitising in RFCOMM Bluetooth
    socket handling may result in denial of service or information leak.

    It was discovered that a race condition in the memory management
    code can be used for local privilege escalation.  This does not
    affect kernels built with PREEMPT_RT enabled.

    Ondrej Kozina discovered that incorrect buffer allocation in the
    proc_keys_show() function may result in local denial of service.


    Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver
    which may result in local denial of service, or potentially,
    arbitrary code execution.

For Debian 7 "Wheezy", these problems have been fixed in version
3.2.82-1.  This version also includes bug fixes from upstream version
3.2.82 and updates the PREEMPT_RT featureset to version 3.2.82-rt119.

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your linux packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
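
The version check implied by the Wheezy fix statement above, as an added example that is not part of the advisory: it reimplements dpkg's version ordering in Python so a package listing collected from hosts can be audited offline against 3.2.82-1. The function names are hypothetical and the package versions in SAMPLE are constructed.

```python
import re
from itertools import zip_longest

FIXED = "3.2.82-1"  # fixed version the advisory gives for Debian 7 "Wheezy"

def _order(c):
    # dpkg rank: '~' sorts lowest, end of run is 0, letters come before other symbols
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    split = lambda s: re.findall(r"(\D*)(\d*)", s)  # (non-digit run, digit run) pairs
    for (na, da), (nb, db) in zip_longest(split(a), split(b), fillvalue=("", "")):
        keys_a = [_order(x) for x, _ in zip_longest(na, nb, fillvalue="")]
        keys_b = [_order(y) for _, y in zip_longest(na, nb, fillvalue="")]
        keys_a.append(int(da or 0))  # digit runs compare numerically, empty run is 0
        keys_b.append(int(db or 0))
        if keys_a != keys_b:
            return -1 if keys_a < keys_b else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for v1 <, ==, > v2 (epoch, upstream version, revision)."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unfixed(listing, fixed=FIXED):
    """Return (package, version) pairs from the listing that are older than `fixed`."""
    rows = [line.split() for line in listing.splitlines()]
    return [(r[0], r[1]) for r in rows if len(r) == 2 and deb_cmp(r[1], fixed) < 0]

# Constructed output of: dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-3.2*'
SAMPLE = """\
linux-image-3.2.0-4-amd64 3.2.82-1
linux-image-3.2.0-4-686-pae 3.2.81-2
linux-image-3.2.0-4-rt-amd64 3.2.9-1
linux-image-3.2.0-4-486 3.2.82-1~test1
"""

if __name__ == "__main__":
    for pkg, ver in unfixed(SAMPLE):
        print(f"{pkg} {ver} is older than {FIXED}")
```

An installed fixed package does not replace the running kernel until the host is rebooted, so the booted kernel needs checking as well.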
