Debian: DSA-3791-1: linux security update

    Date22 Feb 2017
    CategoryDebian
    33
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3791-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    February 22, 2017                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
                     CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
                     CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
                     CVE-2017-6001 CVE-2017-6074
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or have other
    impacts.
    
    CVE-2016-6786 / CVE-2016-6787
    
        It was discovered that the performance events subsystem does not
        properly manage locks during certain migrations, allowing a local
        attacker to escalate privileges.  This can be mitigated by
        disabling unprivileged use of performance events:
        sysctl kernel.perf_event_paranoid=3
    
    CVE-2016-8405
    
        Peter Pi of Trend Micro discovered that the frame buffer video
        subsystem does not properly check bounds while copying color maps to
        userspace, causing a heap buffer out-of-bounds read, leading to
        information disclosure.
    
    CVE-2016-9191
    
        CAI Qian discovered that reference counting is not properly handled
        within proc_sys_readdir in the sysctl implementation, allowing a
        local denial of service (system hang) or possibly privilege
        escalation.
    
    CVE-2017-2583
    
        Xiaohan Zhang reported that KVM for amd64 does not correctly
        emulate loading of a null stack selector.  This can be used by a
        user in a guest VM for denial of service (on an Intel CPU) or to
        escalate privileges within the VM (on an AMD CPU).
    
    CVE-2017-2584
    
        Dmitry Vyukov reported that KVM for x86 does not correctly emulate
        memory access by the SGDT and SIDT instructions, which can result
        in a use-after-free and information leak.
    
    CVE-2017-2596
    
        Dmitry Vyukov reported that KVM leaks page references when
        emulating a VMON for a nested hypervisor.  This can be used by a
        privileged user in a guest VM for denial of service or possibly
        to gain privileges in the host.
    
    CVE-2017-2618
    
        It was discovered that an off-by-one in the handling of SELinux
        attributes in /proc/pid/attr could result in local denial of
        service.
    
    CVE-2017-5549
    
        It was discovered that the KLSI KL5KUSB105 serial USB device
        driver could log the contents of uninitialised kernel memory,
        resulting in an information leak.
    
    CVE-2017-5551
    
        Jan Kara found that changing the POSIX ACL of a file on tmpfs never
        cleared its set-group-ID flag, which should be done if the user
        changing it is not a member of the group-owner. In some cases, this
        would allow the user-owner of an executable to gain the privileges
        of the group-owner.
    
    CVE-2017-5897
    
        Andrey Konovalov discovered an out-of-bounds read flaw in the
        ip6gre_err function in the IPv6 networking code.
    
    CVE-2017-5970
    
        Andrey Konovalov discovered a denial-of-service flaw in the IPv4
        networking code.  This can be triggered by a local or remote
        attacker if a local UDP or raw socket has the IP_RETOPTS option
        enabled.
    
    CVE-2017-6001
    
        Di Shen discovered a race condition between concurrent calls to
        the performance events subsystem, allowing a local attacker to
        escalate privileges. This flaw exists because of an incomplete fix
        of CVE-2016-6786.  This can be mitigated by disabling unprivileged
        use of performance events: sysctl kernel.perf_event_paranoid=3
    
    CVE-2017-6074
    
        Andrey Konovalov discovered a use-after-free vulnerability in the
        DCCP networking code, which could result in denial of service or
        local privilege escalation.  On systems that do not already have
        the dccp module loaded, this can be mitigated by disabling it:
        echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
    
    For the stable distribution (jessie), these problems have been fixed in
    version 3.16.39-1+deb8u1.
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.