Re: [SECURITY] [DSA 3329-1] linux security update
Mmmm
> On 7/8/2015, at 4:25, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3329-1                   security@debian.org
> https://www.debian.org/security/                     Salvatore Bonaccorso
> August 07, 2015                       https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : linux
> CVE ID         : CVE-2015-1333 CVE-2015-3212 CVE-2015-4692 CVE-2015-4700
>                  CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5706
>                  CVE-2015-5707
>
> Several vulnerabilities have been discovered in the Linux kernel
> that may lead to a privilege escalation, denial of service or
> information leak.
>
> CVE-2015-1333
>
> Colin Ian King discovered a flaw in the add_key function of the
> Linux kernel's keyring subsystem. A local user can exploit this flaw
> to cause a denial of service due to memory exhaustion.
>
> CVE-2015-3212
>
> Ji Jianwen of Red Hat Engineering discovered a flaw in the handling
> of the SCTP's automatic handling of dynamic multi-homed connections.
> A local attacker could use this flaw to cause a crash or potentially
> for privilege escalation.
>
> CVE-2015-4692
>
> A NULL pointer dereference flaw was found in the
> kvm_apic_has_events function in the KVM subsystem. An unprivileged
> local user could exploit this flaw to crash the system kernel
> resulting in denial of service.
>
> CVE-2015-4700
>
> Daniel Borkmann discovered a flaw in the Linux kernel implementation
> of the Berkeley Packet Filter which can be used by a local user to
> crash the system.
>
> CVE-2015-5364
>
> It was discovered that the Linux kernel does not properly handle
> invalid UDP checksums. A remote attacker could exploit this flaw to
> cause a denial of service using a flood of UDP packets with invalid
> checksums.
>
> CVE-2015-5366
>
> It was discovered that the Linux kernel does not properly handle
> invalid UDP checksums. A remote attacker can cause a denial of
> service against applications that use epoll by injecting a single
> packet with an invalid checksum.
>
> CVE-2015-5697
>
> A flaw was discovered in the md driver in the Linux kernel leading
> to an information leak.
>
> CVE-2015-5706
>
> A user-triggerable use-after-free vulnerability in path lookup in
> the Linux kernel could potentially lead to privilege escalation.
>
> CVE-2015-5707
>
> An integer overflow in the SCSI generic driver in the Linux kernel
> was discovered. A local user with write permission on a SCSI generic
> device could potentially exploit this flaw for privilege escalation.
>
> For the oldstable distribution (wheezy), these problems have been fixed
> in version 3.2.68-1+deb7u3. CVE-2015-1333, CVE-2015-4692 and
> CVE-2015-5706 do not affect the wheezy distribution.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 3.16.7-ckt11-1+deb8u3, except CVE-2015-5364 and CVE-2015-5366
> which were fixed already in DSA-3313-1.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 4.1.3-1 or earlier versions.
>
> We recommend that you upgrade your linux packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>
> --
> Archive: https://lists.debian.org/E1ZNbvJ-0001ko-UV@master.debian.org
>