Debian: DSA-3170-1: linux security update

    Date: 23 Feb 2015
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3160-1
    http://www.debian.org/security/                             Ben Hutchings
    February 23, 2015                      http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 
                     CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239
                     CVE-2015-1420 CVE-2015-1421 CVE-2015-1593
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service, information leaks or privilege
    escalation.
    
    CVE-2013-7421 / CVE-2014-9644
    
        It was discovered that the Crypto API allowed unprivileged users
        to load arbitrary kernel modules. A local user can use this flaw
        to exploit vulnerabilities in modules that would not normally be
        loaded.
    
    CVE-2014-7822
    
        Akira Fujita found that the splice() system call did not validate
        the given file offset and length. A local unprivileged user can use
        this flaw to cause filesystem corruption on ext4 filesystems, or
        possibly other effects.
    
    CVE-2014-8160
    
        Florian Westphal discovered that a netfilter (iptables/ip6tables) rule
        accepting packets to a specific SCTP, DCCP, GRE or UDPlite
        port/endpoint could result in incorrect connection tracking state.
        If only the generic connection tracking module (nf_conntrack) was
        loaded, and not the protocol-specific connection tracking module,
        this would allow access to any port/endpoint of the specified
        protocol.
    
    CVE-2014-8559
    
        It was found that kernel functions that iterate over a directory
        tree can dead-lock or live-lock in case some of the directory
        entries were recently deleted or dropped from the cache. A local
        unprivileged user can use this flaw for denial of service.
    
    CVE-2014-9585
    
        Andy Lutomirski discovered that address randomisation for the vDSO
        in 64-bit processes is extremely biased. A local unprivileged user
        could potentially use this flaw to bypass the ASLR protection
        mechanism.
    
    CVE-2014-9683
    
        Dmitry Chernenkov discovered that eCryptfs writes past the end of
        the allocated buffer during encrypted filename decoding, resulting
        in local denial of service.
    
    CVE-2015-0239
    
        It was found that KVM did not correctly emulate the x86 SYSENTER
        instruction. An unprivileged user within a guest system that has
        not enabled SYSENTER, for example because the emulated CPU vendor
        is AMD, could potentially use this flaw to cause a denial of
        service or privilege escalation in that guest.
    
    CVE-2015-1420
    
        It was discovered that the open_by_handle_at() system call reads
        the handle size from user memory a second time after validating
        it. A local user with the CAP_DAC_READ_SEARCH capability could use
        this flaw for privilege escalation.
    
    CVE-2015-1421
    
        It was found that the SCTP implementation could free an
        authentication state while it was still in use, resulting in heap
        corruption. This could allow remote users to cause a denial of
        service or privilege escalation.
    
    CVE-2015-1593
    
        It was found that address randomisation for the initial stack in
        64-bit processes was limited to 20 rather than 22 bits of entropy.
        A local unprivileged user could potentially use this flaw to
        bypass the ASLR protection mechanism.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 3.2.65-1+deb7u2. Additionally this update fixes regressions
    introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.
    
    For the upcoming stable distribution (jessie), these problems will be fixed
    soon (a subset is fixed already).
    
    For the unstable distribution (sid), these problems will be fixed soon
    (a subset is fixed already).
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
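
The double read described under CVE-2015-1420, shown as a user-space model with the single-fetch form beside it. This is an added example, not kernel code and not part of the advisory; the header layout, `MODEL_MAX_HANDLE`, `fetch()` and the simulated racing writer are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_MAX_HANDLE 128u   /* constructed limit for this model */
struct handle_hdr { uint32_t bytes; int32_t type; };   /* hypothetical header layout */
struct user_mem {               /* models caller-controlled memory */
    unsigned char buf[sizeof(struct handle_hdr) + MODEL_MAX_HANDLE];
    uint32_t racer_value;       /* size a second thread writes after the check */
};

/* Stand-in for a copy from user memory; a simulated racing thread then rewrites the size. */
static void fetch(struct user_mem *u, void *dst, size_t off, size_t len) {
    memcpy(dst, u->buf + off, len);
    memcpy(u->buf, &u->racer_value, sizeof u->racer_value);
}

/* Returns the size field left in the kernel-side copy (0 means rejected). */
static uint32_t import_handle(struct user_mem *u, int single_fetch) {
    struct handle_hdr hdr;
    fetch(u, &hdr, 0, sizeof hdr);                       /* fetch 1: size is validated */
    if (hdr.bytes == 0 || hdr.bytes > MODEL_MAX_HANDLE) return 0;
    unsigned char *k = malloc(sizeof hdr + hdr.bytes);   /* sized from the checked value */
    if (!k) return 0;
    if (single_fetch) {
        memcpy(k, &hdr, sizeof hdr);                     /* reuse the validated header */
        fetch(u, k + sizeof hdr, sizeof hdr, hdr.bytes); /* copy the payload only */
    } else {
        fetch(u, k, 0, sizeof hdr + hdr.bytes);          /* header read a second time */
    }
    memcpy(&hdr, k, sizeof hdr);                         /* the copy later code trusts */
    free(k);
    return hdr.bytes;
}

/* Constructed scenario: caller passes size 16, the racer rewrites it to 4096. */
static uint32_t run_model(int single_fetch) {
    struct user_mem u = { .racer_value = 4096 };
    uint32_t sz = 16;
    memcpy(u.buf, &sz, sizeof sz);
    return import_handle(&u, single_fetch);
}

int main(void) {
    printf("double fetch keeps %u, single fetch keeps %u\n", (unsigned)run_model(0), (unsigned)run_model(1));
    return 0;
}
```

In the double-fetch path the stored size no longer matches the allocation that was sized from the validated value; copying the already-validated header and fetching only the payload keeps the two consistent.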
    