
Re: [SECURITY] [DSA 3329-1] linux security update



Mmmm



> On 7/8/2015, at 4:25, Salvatore Bonaccorso <carnil@debian.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3329-1                   security@debian.org
> https://www.debian.org/security/                     Salvatore Bonaccorso
> August 07, 2015                       https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : linux
> CVE ID         : CVE-2015-1333 CVE-2015-3212 CVE-2015-4692 CVE-2015-4700
>                 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5706
>                 CVE-2015-5707
> 
> Several vulnerabilities have been discovered in the Linux kernel
> that may lead to a privilege escalation, denial of service or
> information leak.
> 
> CVE-2015-1333
> 
>    Colin Ian King discovered a flaw in the add_key function of the
>    Linux kernel's keyring subsystem. A local user can exploit this flaw
>    to cause a denial of service due to memory exhaustion.
> 
> CVE-2015-3212
> 
>    Ji Jianwen of Red Hat Engineering discovered a flaw in the handling
>    of the SCTP's automatic handling of dynamic multi-homed connections.
>    A local attacker could use this flaw to cause a crash or potentially
>    for privilege escalation.
> 
> CVE-2015-4692
> 
>    A NULL pointer dereference flaw was found in the
>    kvm_apic_has_events function in the KVM subsystem. An unprivileged
>    local user could exploit this flaw to crash the system kernel
>    resulting in denial of service.
> 
> CVE-2015-4700
> 
>    Daniel Borkmann discovered a flaw in the Linux kernel implementation
>    of the Berkeley Packet Filter which can be used by a local user to
>    crash the system.
> 
> CVE-2015-5364
> 
>    It was discovered that the Linux kernel does not properly handle
>    invalid UDP checksums. A remote attacker could exploit this flaw to
>    cause a denial of service using a flood of UDP packets with invalid
>    checksums.
> 
> CVE-2015-5366
> 
>    It was discovered that the Linux kernel does not properly handle
>    invalid UDP checksums. A remote attacker can cause a denial of
>    service against applications that use epoll by injecting a single
>    packet with an invalid checksum.
> 
> CVE-2015-5697
> 
>    A flaw was discovered in the md driver in the Linux kernel leading
>    to an information leak.
> 
> CVE-2015-5706
> 
>    A user-triggerable use-after-free vulnerability in path lookup in
>    the Linux kernel could potentially lead to privilege escalation.
> 
> CVE-2015-5707
> 
>    An integer overflow in the SCSI generic driver in the Linux kernel
>    was discovered. A local user with write permission on a SCSI generic
>    device could potentially exploit this flaw for privilege escalation.
> 
> For the oldstable distribution (wheezy), these problems have been fixed
> in version 3.2.68-1+deb7u3. CVE-2015-1333, CVE-2015-4692 and
> CVE-2015-5706 do not affect the wheezy distribution.
> 
> For the stable distribution (jessie), these problems have been fixed in
> version 3.16.7-ckt11-1+deb8u3, except CVE-2015-5364 and CVE-2015-5366
> which were fixed already in DSA-3313-1.
> 
> For the unstable distribution (sid), these problems have been fixed in
> version 4.1.3-1 or earlier versions.
> 
> We recommend that you upgrade your linux packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> 
> Archive: https://lists.debian.org/E1ZNbvJ-0001ko-UV@master.debian.org
> 

