Debian: DSA-3804-1: linux security update

    Date08 Mar 2017
    CategoryDebian
    59
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3804-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    March 08, 2017                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 
                     CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 
                     CVE-2017-6353
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or have other
    impacts.
    
    CVE-2016-9588
    
        Jim Mattson discovered that the KVM implementation for Intel x86
        processors does not properly handle #BP and #OF exceptions in an
        L2 (nested) virtual machine. A local attacker in an L2 guest VM
        can take advantage of this flaw to cause a denial of service for
        the L1 guest VM.
    
    CVE-2017-2636
    
        Alexander Popov discovered a race condition flaw in the n_hdlc
        line discipline that can lead to a double free. A local
        unprivileged user can take advantage of this flaw for privilege
        escalation. On systems that do not already have the n_hdlc module
        loaded, this can be mitigated by disabling it:
        echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
    
    CVE-2017-5669
    
        Gareth Evans reported that privileged users can map memory at
        address 0 through the shmat() system call. This could make it
        easier to exploit other kernel security vulnerabilities via a
        set-UID program.
    
    CVE-2017-5986
    
        Alexander Popov reported a race condition in the SCTP
        implementation that can be used by local users to cause a
        denial-of-service (crash). The initial fix for this was incorrect
        and introduced further security issues (CVE-2017-6353). This
        update includes a later fix that avoids those. On systems that do
        not already have the sctp module loaded, this can be mitigated by
        disabling it:
        echo >> /etc/modprobe.d/disable-sctp.conf install sctp false
    
    CVE-2017-6214
    
        Dmitry Vyukov reported a bug in the TCP implementation's handling
        of urgent data in the splice() system call. This can be used by a
        remote attacker for denial-of-service (hang) against applications
        that read from TCP sockets with splice().
    
    CVE-2017-6345
    
        Andrey Konovalov reported that the LLC type 2 implementation
        incorrectly assigns socket buffer ownership. This can be used
        by a local user to cause a denial-of-service (crash). On systems
        that do not already have the llc2 module loaded, this can be
        mitigated by disabling it:
        echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false
    
    CVE-2017-6346
    
        Dmitry Vyukov reported a race condition in the raw packet (af_packet)
        fanout feature. Local users with the CAP_NET_RAW capability (in any
        user namespace) can use this for denial-of-service and possibly for
        privilege escalation.
    
    CVE-2017-6348
    
        Dmitry Vyukov reported that the general queue implementation in
        the IrDA subsystem does not properly manage multiple locks,
        possibly allowing local users to cause a denial-of-service
        (deadlock) via crafted operations on IrDA devices.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 3.16.39-1+deb8u2.
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.