author | Salvatore Bonaccorso <carnil@debian.org> | 2016-09-03 13:07:02 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2016-09-03 13:07:02 +0000 |
commit | 34ee9f2e47ae66fc4b09383c37a2b454ea63ebbf (patch) | |
tree | 18b6e5a4adaf7b08231acb3940ebac8a1222314f /dsa-texts/3.16.36-1+deb8u1 | |
parent | c27cd685fced244de75a8ef438894243c6de56d8 (diff) |
Add DSA text based on Ben's text for the corresponding DLA in wheezy
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4616 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.16.36-1+deb8u1')
-rw-r--r-- | dsa-texts/3.16.36-1+deb8u1 | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/dsa-texts/3.16.36-1+deb8u1 b/dsa-texts/3.16.36-1+deb8u1 index e19dfae2..709ab110 100644 --- a/dsa-texts/3.16.36-1+deb8u1 +++ b/dsa-texts/3.16.36-1+deb8u1 
@@ -11,27 +11,58 @@ September 03, 2016 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2016-5696 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 - -Brief introduction +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or have other +impacts. CVE-2016-5696 - Description + Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. + Krishnamurthy of the University of California, Riverside; and Lisa + M. Marvel of the United States Army Research Laboratory discovered + that Linux's implementation of the TCP Challenge ACK feature + results in a side channel that can be used to find TCP connections + between specific IP addresses, and to inject messages into those + connections. + + Where a service is made available through TCP, this may allow + remote attackers to impersonate another connected user to the + server or to impersonate the server to another connected user. In + case the service uses a protocol with message authentication + (e.g. TLS or SSH), this vulnerability only allows denial of + service (connection failure). An attack takes tens of seconds, so + short-lived TCP connections are also unlikely to be vulnerable. + + This may be mitigated by increasing the rate limit for TCP + Challenge ACKs so that it is never exceeded: + sysctl net.ipv4.tcp_challenge_ack_limit=1000000000 CVE-2016-6136 - Description + Pengfei Wang discovered that the audit subsystem has a + 'double-fetch' or 'TOCTTOU' bug in its handling of special + characters in the name of an executable. Where audit logging of + execve() is enabled, this allows a local user to generate + misleading log messages. CVE-2016-6480 - Description + Pengfei Wang discovered that the aacraid driver for Adaptec RAID + controllers has a 'double-fetch' or 'TOCTTOU' bug in its + validation of 'FIB' messages passed through the ioctl() system + call. This has no practical security impact in current Debian + releases. 
CVE-2016-6828 - Description + Marco Grassi reported a 'use-after-free' bug in the TCP + implementation, which can be triggered by local users. The + security impact is unclear, but might include denial of service or + privilege escalation. For the stable distribution (jessie), these problems have been fixed in -version 3.16.36-1+deb8u1. +version 3.16.36-1+deb8u1. In addition, this update contains several +changes originally targeted for the upcoming jessie point release. We recommend that you upgrade your linux packages. |
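Review bot: In the CVE-2016-5696 entry, the mitigation paragraph gives "sysctl net.ipv4.tcp_challenge_ack_limit=1000000000" without saying that this only changes the value in the running kernel, so a reader who applies it and reboots before upgrading loses the mitigation. Suggest adding a sentence that the setting has to be made persistent (for example through a sysctl configuration file) to survive a reboot, and that it is a workaround for systems that cannot yet install 3.16.36-1+deb8u1. In the same entry, "short-lived TCP connections are also unlikely to be vulnerable" has no antecedent for "also"; dropping the word would read more clearly.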