
Re: [SECURITY] [DSA 3448-1] linux security update



Hi again,

Are the "Wheezy" Linux kernels affected as well, or are they currently okay as far as you know?

Many thanks in advance, and kindest regards,
Bjoern.

On 19/01/16 20:40, Salvatore Bonaccorso wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3448-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 19, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2016-0723
                  CVE-2016-0728

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation or denial-of-service.

CVE-2013-4312

     Tetsuo Handa discovered that it is possible for a process to open
     far more files than the process' limit leading to denial-of-service
     conditions.

CVE-2015-7566

     Ralf Spenneberg of OpenSource Security reported that the visor
     driver crashes when a specially crafted USB device without bulk-out
     endpoint is detected.

CVE-2015-8767

     An SCTP denial-of-service was discovered which can be triggered by a
     local attacker during a heartbeat timeout event after the 4-way
     handshake.

CVE-2016-0723

     A use-after-free vulnerability was discovered in the TIOCGETD ioctl.
     A local attacker could use this flaw for denial-of-service.

CVE-2016-0728

     The Perception Point research team discovered a use-after-free
     vulnerability in the keyring facility, possibly leading to local
     privilege escalation.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt20-1+deb8u3.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


