author Salvatore Bonaccorso <carnil@debian.org> 2016-09-03 13:07:02 +0000
committer Salvatore Bonaccorso <carnil@debian.org> 2016-09-03 13:07:02 +0000
commit 34ee9f2e47ae66fc4b09383c37a2b454ea63ebbf
tree 18b6e5a4adaf7b08231acb3940ebac8a1222314f /dsa-texts/3.16.36-1+deb8u1
parent c27cd685fced244de75a8ef438894243c6de56d8
Add DSA text based on Ben's text for the corresponding DLA in wheezy
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4616 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.16.36-1+deb8u1')
-rw-r--r-- dsa-texts/3.16.36-1+deb8u1 45
1 files changed, 38 insertions, 7 deletions
diff --git a/dsa-texts/3.16.36-1+deb8u1 b/dsa-texts/3.16.36-1+deb8u1
index e19dfae2..709ab110 100644
--- a/dsa-texts/3.16.36-1+deb8u1
+++ b/dsa-texts/3.16.36-1+deb8u1
@@ -11,27 +11,58 @@ September 03, 2016 https://www.debian.org/security/faq
Package : linux
CVE ID : CVE-2016-5696 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828
-
-Brief introduction
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or have other
+impacts.
CVE-2016-5696
- Description
+ Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.
+ Krishnamurthy of the University of California, Riverside; and Lisa
+ M. Marvel of the United States Army Research Laboratory discovered
+ that Linux's implementation of the TCP Challenge ACK feature
+ results in a side channel that can be used to find TCP connections
+ between specific IP addresses, and to inject messages into those
+ connections.
+
+ Where a service is made available through TCP, this may allow
+ remote attackers to impersonate another connected user to the
+ server or to impersonate the server to another connected user. In
+ case the service uses a protocol with message authentication
+ (e.g. TLS or SSH), this vulnerability only allows denial of
+ service (connection failure). An attack takes tens of seconds, so
+ short-lived TCP connections are also unlikely to be vulnerable.
+
+ This may be mitigated by increasing the rate limit for TCP
+ Challenge ACKs so that it is never exceeded:
+ sysctl net.ipv4.tcp_challenge_ack_limit=1000000000
CVE-2016-6136
- Description
+ Pengfei Wang discovered that the audit subsystem has a
+ 'double-fetch' or 'TOCTTOU' bug in its handling of special
+ characters in the name of an executable. Where audit logging of
+ execve() is enabled, this allows a local user to generate
+ misleading log messages.
CVE-2016-6480
- Description
+ Pengfei Wang discovered that the aacraid driver for Adaptec RAID
+ controllers has a 'double-fetch' or 'TOCTTOU' bug in its
+ validation of 'FIB' messages passed through the ioctl() system
+ call. This has no practical security impact in current Debian
+ releases.
CVE-2016-6828
- Description
+ Marco Grassi reported a 'use-after-free' bug in the TCP
+ implementation, which can be triggered by local users. The
+ security impact is unclear, but might include denial of service or
+ privilege escalation.
For the stable distribution (jessie), these problems have been fixed in
-version 3.16.36-1+deb8u1.
+version 3.16.36-1+deb8u1. In addition, this update contains several
+changes originally targeted for the upcoming jessie point release.
We recommend that you upgrade your linux packages.
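Review bot: In the CVE-2016-5696 entry, the mitigation paragraph does not say who needs it or how long it lasts. The advisory ends by stating the problems are fixed in 3.16.36-1+deb8u1, so a reader cannot tell whether "sysctl net.ipv4.tcp_challenge_ack_limit=1000000000" is required in addition to the upgrade or only as a stopgap. Run as shown, the command changes only the running kernel and is lost at reboot. Suggest saying it is a workaround for systems that cannot be upgraded and rebooted immediately, and that the setting has to be placed in the sysctl configuration to persist. Two smaller wording points: in "short-lived TCP connections are also unlikely to be vulnerable" the word "also" has no antecedent, and the CVE-2016-6480 entry states "no practical security impact in current Debian releases" without giving the reason, which a short clause would fix.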
