
Debian: DSA-3373-1 Critical System Libraries: Privilege Escalation and DoS

October 13, 2015
Debian DSA-3373-1 tackles flaws in the kernel that pose risks to data integrity and operational reliability.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised inf...

Summary

CVE-2015-2925

Jann Horn discovered that when a subdirectory of a filesystem was
bind-mounted into a chroot or mount namespace, a user that should
be confined to that chroot or namespace could access the whole of
that filesystem if they had write permission on an ancestor of
the subdirectory. This is not a common configuration for wheezy,
and the issue has previously been fixed for jessie.
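To check whether a host uses the configuration CVE-2015-2925 depends on, the following added example (not part of the Debian advisory) lists mounts whose root is a subdirectory of a filesystem, using the `/proc/<pid>/mountinfo` layout documented in proc(5). The sample lines are constructed, and the function name is hypothetical; a non-`/` root also appears for some non-bind mounts (for example btrfs subvolumes), so hits are candidates for review rather than findings.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not taken from a real host).
SAMPLE = """\
17 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
42 17 8:2 / /srv rw,relatime shared:5 - ext4 /dev/sda2 rw
43 17 8:2 /chroots/web/pub /var/chroot/web/pub rw,relatime shared:5 - ext4 /dev/sda2 rw
44 17 8:2 /my\\040data /mnt/data ro master:5 - ext4 /dev/sda2 rw
45 17 0:4 net:[4026531957] /run/netns/a rw - nsfs nsfs rw
"""


def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def subdir_bind_mounts(mountinfo_text):
    """Return (device, fs_subdir, mount_point, fstype) for every mount whose
    root is a subdirectory of its filesystem instead of the filesystem root."""
    hits = []
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        # Six fixed fields, zero or more optional fields, a lone "-", then
        # filesystem type, source and superblock options.
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        sep = fields.index("-", 6)
        root = _unescape(fields[3])
        mount_point = _unescape(fields[4])
        # Pseudo-filesystems such as nsfs use non-path roots ("net:[...]").
        if root.startswith("/") and root != "/":
            hits.append((fields[2], root, mount_point, fields[sep + 1]))
    return hits


if __name__ == "__main__":
    # On a live host, pass open("/proc/self/mountinfo").read() instead of SAMPLE.
    for dev, subdir, mount_point, fstype in subdir_bind_mounts(SAMPLE):
        print(f"{mount_point}: subdirectory {subdir} of {fstype} device {dev}")
```

Run it against the `mountinfo` of a process inside each chroot or mount namespace, since the mount table differs per namespace.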

CVE-2015-5257

Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
device could cause a denial of service (crash) by imitating a
Whiteheat USB serial device but presenting a smaller number of
endpoints.

CVE-2015-5283

Marcelo Ricardo Leitner discovered that creating multiple SCTP
sockets at the same time could cause a denial of service (crash)
if the sctp module had not previously been loaded. This issue
only affects jessie.

CVE-2015-7613

Dmitry Vyukov discovered that System V IPC objects (message queues
and shared memory segments) were made...


Severity: critical

Package: linux
CVE ID: CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 CVE-2015-7613
