Debian: DSA-3434-1: linux security update

    Date: 05 Jan 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3434-1
    https://www.debian.org/security/                            Ben Hutchings
    January 05, 2016                      https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2015-7513 CVE-2015-7550 CVE-2015-8543 CVE-2015-8550
                     CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575
                     CVE-2015-8709
    Debian Bug     : 808293 808602 808953 808973
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leak.
    
    CVE-2015-7513
    
        It was discovered that a local user permitted to use the x86 KVM
        subsystem could configure the PIT emulation to cause a denial of
        service (crash).
    
    CVE-2015-7550
    
        Dmitry Vyukov discovered a race condition in the keyring subsystem
        that allows a local user to cause a denial of service (crash).
    
    CVE-2015-8543
    
        It was discovered that a local user permitted to create raw sockets
        could cause a denial of service by specifying an invalid protocol
        number for the socket. Creating a raw socket requires the
        CAP_NET_RAW capability, so the attacker must hold it.
    
    CVE-2015-8550
    
        Felix Wilhelm of ERNW discovered that the Xen PV backend drivers
        may read critical data from shared memory multiple times (a double
        fetch): a value is validated on one read and then re-read from the
        guest-writable ring for the actual use, so a guest that changes it
        in between bypasses the check. This flaw can be used by a guest
        kernel to cause a denial of service (crash) on the host, or
        possibly for privilege escalation.
    
    CVE-2015-8551 / CVE-2015-8552
    
        Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI
        backend driver does not adequately validate the device state when
        a guest configures MSIs. This flaw can be used by a guest kernel
        to cause a denial of service (crash or disk space exhaustion) on
        the host.
    
    CVE-2015-8569
    
        Dmitry Vyukov discovered a flaw in the PPTP sockets implementation
        that leads to an information leak to local users.
    
    CVE-2015-8575
    
        David Miller discovered a flaw in the Bluetooth SCO sockets
        implementation that leads to an information leak to local users.
    
    CVE-2015-8709
    
        Jann Horn discovered a flaw in the permission checks for use of
        the ptrace feature. A local user who has the CAP_SYS_PTRACE
        capability within their own user namespace could use this flaw for
        privilege escalation if a more privileged process ever enters that
        user namespace. This affects at least the LXC system.
    
    In addition, this update fixes some regressions in the previous update:
    
    #808293
    
        A regression in the UDP implementation prevented freeradius and
        some other applications from receiving data.
    
    #808602 / #808953
    
        A regression in the USB XHCI driver prevented use of some devices
        in USB 3 SuperSpeed ports.
    
    #808973
    
        A fix to the radeon driver interacted with an existing bug to
        cause a crash at boot when using some AMD/ATI graphics cards.
        This issue only affects wheezy.
    
    For the oldstable distribution (wheezy), these problems have been fixed
    in version 3.2.73-2+deb7u2. The oldstable distribution (wheezy) is not
    affected by CVE-2015-8709.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in
    version 3.16.7-ckt20-1+deb8u1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 4.3.3-3 or earlier.
    
    We recommend that you upgrade your linux packages.
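
    To check whether an installed linux package is at or above the versions named above, compare the installed version with the fixed version using Debian's version ordering rather than a plain string comparison. The following is an added example, not Debian's or dpkg's code: a self-contained C reimplementation of the ordering that dpkg --compare-versions applies (epoch first, then the upstream part, then the revision after the last hyphen, with '~' sorting before everything including the end of the string), exercised against the fixed versions from this advisory. The "installed" version strings fed to it are constructed inputs, and the 128-byte buffers are an assumption of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sort weight of one character in a non-digit run: '~' sorts before
 * everything (even end of string), letters before other symbols. */
static int order(int c)
{
    if (isdigit(c)) return 0;
    if (isalpha(c)) return c;
    if (c == '~')   return -1;
    if (c)          return c + 256;
    return 0;
}

/* Compare one fragment (upstream part or revision) the way dpkg does:
 * alternate non-digit runs (by order()) and digit runs (numerically). */
static int verrevcmp(const char *a, const char *b)
{
    while (*a || *b) {
        int first_diff = 0;
        while ((*a && !isdigit((unsigned char)*a)) || (*b && !isdigit((unsigned char)*b))) {
            int ac = order((unsigned char)*a), bc = order((unsigned char)*b);
            if (ac != bc) return ac - bc;
            a++; b++;
        }
        while (*a == '0') a++;               /* leading zeros do not count */
        while (*b == '0') b++;
        while (isdigit((unsigned char)*a) && isdigit((unsigned char)*b)) {
            if (!first_diff) first_diff = *a - *b;
            a++; b++;
        }
        if (isdigit((unsigned char)*a)) return 1;   /* longer number is larger */
        if (isdigit((unsigned char)*b)) return -1;
        if (first_diff) return first_diff;
    }
    return 0;
}

struct debver { long epoch; char upstream[128]; char revision[128]; };

/* Split "[epoch:]upstream[-revision]"; the revision is everything after the
 * LAST hyphen, so "3.16.7-ckt20-1+deb8u2" -> upstream 3.16.7-ckt20, rev 1+deb8u2. */
static int parse_debver(const char *s, struct debver *v)
{
    const char *colon = strchr(s, ':');
    v->epoch = 0;
    if (colon) { v->epoch = strtol(s, NULL, 10); s = colon + 1; }
    const char *dash = strrchr(s, '-');
    size_t ulen = dash ? (size_t)(dash - s) : strlen(s);
    const char *rev = dash ? dash + 1 : "";
    if (ulen >= sizeof v->upstream || strlen(rev) >= sizeof v->revision) return -1;
    memcpy(v->upstream, s, ulen);
    v->upstream[ulen] = '\0';
    strcpy(v->revision, rev);
    return 0;
}

/* <0, 0, >0 like strcmp. Unparseable input yields a negative result so that
 * callers treating "not older" as patched fail closed. */
int debver_cmp(const char *a, const char *b)
{
    struct debver va, vb;
    if (parse_debver(a, &va) || parse_debver(b, &vb)) return -2;
    if (va.epoch != vb.epoch) return va.epoch < vb.epoch ? -1 : 1;
    int r = verrevcmp(va.upstream, vb.upstream);
    if (r) return r;
    return verrevcmp(va.revision, vb.revision);
}

/* 1 if the installed version is the fixed version or newer, else 0. */
int is_fixed(const char *installed, const char *fixed)
{
    return debver_cmp(installed, fixed) >= 0;
}

int main(void)
{
    /* Fixed versions from this advisory; the "installed" strings are constructed inputs. */
    const char *jessie_fixed = "3.16.7-ckt20-1+deb8u2";
    const char *wheezy_fixed = "3.2.73-2+deb7u2";
    const char *installed[] = { "3.16.7-ckt20-1+deb8u1", "3.16.7-ckt20-1+deb8u2",
                                "3.16.7-ckt11-1+deb8u6", "3.2.73-2+deb7u1" };
    for (size_t i = 0; i < sizeof installed / sizeof *installed; i++) {
        const char *fixed = strncmp(installed[i], "3.2.", 4) == 0 ? wheezy_fixed : jessie_fixed;
        printf("%-24s vs %-24s -> %s\n", installed[i], fixed,
               is_fixed(installed[i], fixed) ? "fixed" : "VULNERABLE");
    }
    return 0;
}
```

    On a live system the installed version comes from dpkg-query -W -f='${Version}' linux-image-$(uname -r) (the kernel binary package carries the version of the linux source package). Note that "3.16.7-ckt11-1+deb8u6" is reported as vulnerable even though its +deb8u suffix is higher: the upstream part (ckt11 versus ckt20) is compared first, which a comparison of the trailing suffix alone would get wrong. A passing check only shows that the package is installed; the running kernel is not the fixed one until the machine has been rebooted into it.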
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    