[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3372-1] linux security update

Greetings all.

What is the most secure build of all-signed Debian packages currently?

What is also viewed by the community to be the most secure linux builds?


> Hash: SHA512
> -
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3372-1                   security@debian.org
> https://www.debian.org/security/                            Ben Hutchings
> October 13, 2015                      https://www.debian.org/security/faq
> -
> -------------------------------------------------------------------------
> Package        : linux
> CVE ID         : CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 CVE-2015-7613
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to a privilege escalation, denial of service, unauthorised
> information disclosure or unauthorised information modification.
> CVE-2015-2925
>     Jann Horn discovered that when a subdirectory of a filesystem was
>     bind-mounted into a chroot or mount namespace, a user that should
>     be confined to that chroot or namespace could access the whole of
>     that filesystem if they had write permission on an ancestor of
>     the subdirectory.  This is not a common configuration for wheezy,
>     and the issue has previously been fixed for jessie.
> CVE-2015-5257
>     Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
>     device could cause a denial of service (crash) by imitating a
>     Whiteheat USB serial device but presenting a smaller number of
>     endpoints.
> CVE-2015-5283
>     Marcelo Ricardo Leitner discovered that creating multiple SCTP
>     sockets at the same time could cause a denial of service (crash)
>     if the sctp module had not previously been loaded.  This issue
>     only affects jessie.
> CVE-2015-7613
>     Dmitry Vyukov discovered that System V IPC objects (message queues
>     and shared memory segments) were made accessible before their
>     ownership and other attributes were fully initialised.  If a local
>     user can race against another user or service creating a new IPC
>     object, this may result in unauthorised information disclosure,
>     unauthorised information modification, denial of service and/or
>     privilege escalation.
>     A similar issue existed with System V semaphore arrays, but was
>     less severe because they were always cleared before being fully
>     initialised.
> For the oldstable distribution (wheezy), these problems have been fixed
> in version 3.2.68-1+deb7u5.
> For the stable distribution (jessie), these problems have been fixed in
> version 3.16.7-ckt11-1+deb8u5.
> For the unstable distribution (sid), these problems have been fixed in
> version 4.2.3-1 or earlier versions.
> We recommend that you upgrade your linux packages.
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> Mailing list: debian-security-announce@lists.debian.org
> Version: GnuPG v1
> CKjb8XvYmEm8174E1XcaEQ+ZWiQdpFwe7VABsIhVfD2G2QqXHoIiLFjjnuyiN6qw
> ZU/69j1nTfimoyoMyXThsAb93rWQii7/8baQ5LRVHXhipJeudq0mbAKY0GSFAXQa
> b6ZmFzXx9/XTLkXGl5m/XFddbEaBo5UGTx1L5GDvjgb4iaQPih8df58aV4GLNGq9
> cyjZpZKSuhj2CNPK84fqUo+LlX867NdyC2e3M8uf7S9KYCWsqbl8qByiGLIebYOl
> yS0rXVret4Fa+9UqvuNSbp2iIx4g3vu/awUKOs9/nlz/OCBlFpQMbypeRUJi+eu5
> 99gDNAwZgym/77qnQKBVy2mWuDoYWn3eqg3JluwSZyDV8G+5QhEEesOcsF5U21rA
> 2RcTRpP6byh6m8IZQ6hDssoG0z8fuVIhwVo8yJ6P4dLf2rMbi/RNmxY6AYEFWYwW
> 3mTF6hwXG7J7qIMFIXy4Fuh/ea7AqYQtGfpvcnclSPd8BGESS/ySp+jMcOVQnOM/
> dis38moi1fYpPAtgz2X9w3FexSy2+fMb/15xgBW0aay0isoqK5GwE1Am3Ed5LO54
> Q7gz4VJxXxGKu6+N6nbg
> =Hht/

Reply to: