Debian: DSA-3372-1: linux security update

    Date: 13 Oct 2015
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3372-1
    https://www.debian.org/security/                            Ben Hutchings
    October 13, 2015                      https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 CVE-2015-7613
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service, unauthorised
    information disclosure or unauthorised information modification.
    
    CVE-2015-2925
    
        Jann Horn discovered that when a subdirectory of a filesystem was
        bind-mounted into a chroot or mount namespace, a user that should
        be confined to that chroot or namespace could access the whole of
        that filesystem if they had write permission on an ancestor of
        the subdirectory.  This is not a common configuration for wheezy,
        and the issue has previously been fixed for jessie.
    
    CVE-2015-5257
    
        Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
        device could cause a denial of service (crash) by imitating a
        Whiteheat USB serial device but presenting a smaller number of
        endpoints.
    
    CVE-2015-5283
    
        Marcelo Ricardo Leitner discovered that creating multiple SCTP
        sockets at the same time could cause a denial of service (crash)
        if the sctp module had not previously been loaded.  This issue
        only affects jessie.
    
    CVE-2015-7613
    
        Dmitry Vyukov discovered that System V IPC objects (message queues
        and shared memory segments) were made accessible before their
        ownership and other attributes were fully initialised.  If a local
        user can race against another user or service creating a new IPC
        object, this may result in unauthorised information disclosure,
        unauthorised information modification, denial of service and/or
        privilege escalation.
    
        A similar issue existed with System V semaphore arrays, but was
        less severe because they were always cleared before being fully
        initialised.
    
    For the oldstable distribution (wheezy), these problems have been fixed
    in version 3.2.68-1+deb7u5.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 3.16.7-ckt11-1+deb8u5.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 4.2.3-1 or earlier versions.
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
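
An added example (not part of the Debian advisory): a Python check of an installed linux package version against the fixed versions listed above for wheezy and jessie, using Debian's version ordering instead of plain string comparison. The function names and the sample installed versions are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions quoted from the advisory (sid omitted: "or earlier" gives no lower bound).
FIXED = {"wheezy": "3.2.68-1+deb7u5", "jessie": "3.16.7-ckt11-1+deb8u5"}

def _order(c):
    """dpkg sort weight: '~' below end-of-run (0), letters below other symbols."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating non-digit/digit runs."""
    runs_a, runs_b = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        wa, wb = [_order(c) for c in sa], [_order(c) for c in sb]
        width = max(len(wa), len(wb))
        wa += [0] * (width - len(wa))  # end of run weighs 0, so "~" sorts below it
        wb += [0] * (width - len(wb))
        if wa != wb:
            return -1 if wa < wb else 1
        na, nb = int(da or 0), int(db or 0)  # numeric compare, so ckt9 < ckt11
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision]; the revision follows the last hyphen."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if `installed` is at or above the advisory's fixed version for `release`."""
    return deb_cmp(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    for rel, ver in [("wheezy", "3.2.68-1+deb7u4"), ("jessie", "3.16.7-ckt9-2")]:  # constructed samples
        print(rel, ver, "patched" if is_patched(rel, ver) else "NEEDS UPGRADE")
```

On a live system the installed version string can be read with `dpkg-query -W` for the running kernel's image package and passed to `is_patched`.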
    