- -------------------------------------------------------------------------
Debian Security Advisory DSA-3426-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 17, 2015                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-8104
                 CVE-2015-8374 CVE-2015-8543

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, information leak
or data loss.

CVE-2013-7446

    Dmitry Vyukov discovered that a particular sequence of valid
    operations on local (AF_UNIX) sockets can result in a
    use-after-free. This may be used to cause a denial of service
    (crash) or possibly for privilege escalation.

CVE-2015-7799

    It was discovered that a user granted access to /dev/ppp can cause a
    denial of service (crash) by passing invalid parameters to the
    PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.

CVE-2015-7833

    Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a
    flaw in the processing of certain USB device descriptors in the
    usbvision driver. An attacker with physical access to the system can
    use this flaw to crash the system. This was partly fixed by the
    changes listed in DSA 3396-1.

CVE-2015-8104

    Jan Beulich reported a guest to host denial-of-service flaw
    affecting the KVM hypervisor running on AMD processors. A malicious
    guest can trigger an infinite stream of "debug" (#DB) exceptions
    causing the processor microcode to enter an infinite loop where the
    core never receives another interrupt. This leads to a panic of the
    host kernel.

CVE-2015-8374

    It was discovered that Btrfs did not correctly implement truncation
    of compressed inline extents. This could lead to an information
    leak, if a file is truncated and later made readable by other users.
    Additionally, it could cause data loss. This has been fixed for the
    stable distribution (jessie) only.

CVE-2015-8543

    It was discovered that a local user permitted to create raw sockets
    could cause a denial-of-service by specifying an invalid protocol
    number for the socket. The attacker must have the CAP_NET_RAW
    capability in their user namespace. This has been fixed for the
    stable distribution (jessie) only.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.2.73-2+deb7u1. In addition, this update contains several
changes originally targeted for the upcoming Wheezy point release.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt20-1+deb8u1. In addition, this update contains several
changes originally targeted for the upcoming Jessie point release.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-3426-1: linux security update

December 17, 2015
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss

Summary

CVE-2013-7446

Dmitry Vyukov discovered that a particular sequence of valid
operations on local (AF_UNIX) sockets can result in a
use-after-free. This may be used to cause a denial of service
(crash) or possibly for privilege escalation.

CVE-2015-7799

It was discovered that a user granted access to /dev/ppp can cause a
denial of service (crash) by passing invalid parameters to the
PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.

CVE-2015-7833

Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a
flaw in the processing of certain USB device descriptors in the
usbvision driver. An attacker with physical access to the system can
use this flaw to crash the system. This was partly fixed by the
changes listed in DSA 3396-1.

CVE-2015-8104

Jan Beulich reported a guest to host denial-of-service flaw
affecting the KVM hypervisor running on AMD processors. A malicious
guest can trigger an infinite stream of "debug" (#DB) exceptions
causing the processor microcode to enter an infinite loop where the
core never receives another interrupt. This leads to a panic of the
host kernel.

CVE-2015-8374

It was discovered that Btrfs did not correctly implement truncation
of compressed inline extents. This could lead to an information
leak, if a file is truncated and later made readable by other users.
Additionally, it could cause data loss. This has been fixed for the
stable distribution (jessie) only.

CVE-2015-8543

It was discovered that a local user permitted to create raw sockets
could cause a denial-of-service by specifying an invalid protocol
number for the socket. The attacker must have the CAP_NET_RAW
capability in their user namespace. This has been fixed for the
stable distribution (jessie) only.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.2.73-2+deb7u1. In addition, this update contains several
changes originally targeted for the upcoming Wheezy point release.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt20-1+deb8u1. In addition, this update contains several
changes originally targeted for the upcoming Jessie point release.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, information leak
or data loss.

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up