Re: [SECURITY] [DSA 3372-1] linux security update
Greetings all.
What is the most secure build of all-signed Debian packages currently?
What is also viewed by the community to be the most secure linux builds?
Kyle
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> -
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3372-1 security@debian.org
> https://www.debian.org/security/ Ben Hutchings
> October 13, 2015 https://www.debian.org/security/faq
> -
> -------------------------------------------------------------------------
>
> Package : linux
> CVE ID : CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 CVE-2015-7613
>
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to a privilege escalation, denial of service, unauthorised
> information disclosure or unauthorised information modification.
>
> CVE-2015-2925
>
> Jann Horn discovered that when a subdirectory of a filesystem was
> bind-mounted into a chroot or mount namespace, a user that should
> be confined to that chroot or namespace could access the whole of
> that filesystem if they had write permission on an ancestor of
> the subdirectory. This is not a common configuration for wheezy,
> and the issue has previously been fixed for jessie.
>
> CVE-2015-5257
>
> Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
> device could cause a denial of service (crash) by imitating a
> Whiteheat USB serial device but presenting a smaller number of
> endpoints.
>
> CVE-2015-5283
>
> Marcelo Ricardo Leitner discovered that creating multiple SCTP
> sockets at the same time could cause a denial of service (crash)
> if the sctp module had not previously been loaded. This issue
> only affects jessie.
>
> CVE-2015-7613
>
> Dmitry Vyukov discovered that System V IPC objects (message queues
> and shared memory segments) were made accessible before their
> ownership and other attributes were fully initialised. If a local
> user can race against another user or service creating a new IPC
> object, this may result in unauthorised information disclosure,
> unauthorised information modification, denial of service and/or
> privilege escalation.
>
> A similar issue existed with System V semaphore arrays, but was
> less severe because they were always cleared before being fully
> initialised.
>
> For the oldstable distribution (wheezy), these problems have been fixed
> in version 3.2.68-1+deb7u5.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 3.16.7-ckt11-1+deb8u5.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 4.2.3-1 or earlier versions.
>
> We recommend that you upgrade your linux packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJWHNTSAAoJEAVMuPMTQ89E7EsP/Rm9NNOIoIh+TY4TnKwPJmKa
> tuGLWWOZ/yI90MR7wl9JLWSDBT0DD4fV5LKNp2p3ClV+1nMIbEEkcSOMgWyVtsHT
> CKjb8XvYmEm8174E1XcaEQ+ZWiQdpFwe7VABsIhVfD2G2QqXHoIiLFjjnuyiN6qw
> ZU/69j1nTfimoyoMyXThsAb93rWQii7/8baQ5LRVHXhipJeudq0mbAKY0GSFAXQa
> b6ZmFzXx9/XTLkXGl5m/XFddbEaBo5UGTx1L5GDvjgb4iaQPih8df58aV4GLNGq9
> cyjZpZKSuhj2CNPK84fqUo+LlX867NdyC2e3M8uf7S9KYCWsqbl8qByiGLIebYOl
> yS0rXVret4Fa+9UqvuNSbp2iIx4g3vu/awUKOs9/nlz/OCBlFpQMbypeRUJi+eu5
> 99gDNAwZgym/77qnQKBVy2mWuDoYWn3eqg3JluwSZyDV8G+5QhEEesOcsF5U21rA
> 2RcTRpP6byh6m8IZQ6hDssoG0z8fuVIhwVo8yJ6P4dLf2rMbi/RNmxY6AYEFWYwW
> 3mTF6hwXG7J7qIMFIXy4Fuh/ea7AqYQtGfpvcnclSPd8BGESS/ySp+jMcOVQnOM/
> dis38moi1fYpPAtgz2X9w3FexSy2+fMb/15xgBW0aay0isoqK5GwE1Am3Ed5LO54
> Q7gz4VJxXxGKu6+N6nbg
> =Hht/
> -----END PGP SIGNATURE-----
>
>
Reply to: