author Ben Hutchings <ben@decadent.org.uk> 2018-01-09 01:52:18 +0000
committer Ben Hutchings <ben@decadent.org.uk> 2018-01-09 01:52:45 +0000
commit c337bef0bb69b724124506d0481703c1dd28078a
tree 658bfd3eb11c24002ccf73494d54c5c6d0ba9a11 /dsa-texts/3.16.51-3+deb8u1
parent 573722f99f147d13a7439fbf1468b9db54732c51
Add DSA text for jessie update (3.16.51-3+deb8u1)
Diffstat (limited to 'dsa-texts/3.16.51-3+deb8u1')
-rw-r--r-- dsa-texts/3.16.51-3+deb8u1 140
1 files changed, 140 insertions, 0 deletions
diff --git a/dsa-texts/3.16.51-3+deb8u1 b/dsa-texts/3.16.51-3+deb8u1
new file mode 100644
index 00000000..604c7616
--- /dev/null
+++ b/dsa-texts/3.16.51-3+deb8u1
@@ -0,0 +1,140 @@
+Package : linux
+CVE ID : CVE-2017-5754 CVE-2017-8824 CVE-2017-15868 CVE-2017-16538
+ CVE-2017-16939 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450
+ CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806
+ CVE-2017-17807 CVE-2017-1000407 CVE-2017-1000410
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2017-5754
+
+ Multiple researchers have discovered a vulnerability in Intel
+ processors, enabling an attacker controlling an unprivileged
+ process to read memory from arbitrary addresses, including from
+ the kernel and all other processes running on the system.
+
+ This specific attack has been named Meltdown and is addressed in
+ the Linux kernel for the Intel x86-64 architecture by a patch set
+ named Kernel Page Table Isolation, enforcing a near complete
+ separation of the kernel and userspace address maps and preventing
+ the attack. This solution might have a performance impact, and can
+ be disabled at boot time by passing `pti=off' to the kernel
+ command line.
+
+CVE-2017-8824
+
+ Mohamed Ghannam discovered that the DCCP implementation did not
+ correctly manage resources when a socket is disconnected and
+ reconnected, potentially leading to a use-after-free. A local
+ user could use this for denial of service (crash or data
+ corruption) or possibly for privilege escalation. On systems that
+ do not already have the dccp module loaded, this can be mitigated
+ by disabling it:
+ echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
+
+CVE-2017-15868
+
+ Al Viro found that the Bluebooth Network Encapsulation Protocol
+ (BNEP) implementation did not validate the type of the second
+ socket passed to the BNEPCONNADD ioctl(), which could lead to
+ memory corruption. A local user with the CAP_NET_ADMIN capability
+ can use this for denial of service (crash or data corruption) or
+ possibly for privilege escalation.
+
+CVE-2017-16538
+
+ Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
+ did not correctly handle some error conditions during
+ initialisation. A physically present user with a specially
+ designed USB device can use this to cause a denial of service
+ (crash).
+
+CVE-2017-16939
+
+ Mohamed Ghannam reported (through Beyond Security's SecuriTeam
+ Secure Disclosure program) that the IPsec (xfrm) implementation
+ did not correctly handle some failure cases when dumping policy
+ information through netlink. A local user with the CAP_NET_ADMIN
+ capability can use this for denial of service (crash or data
+ corruption) or possibly for privilege escalation.
+
+CVE-2017-17448
+
+ Kevin Cernekee discovered that the netfilter subsystem allowed
+ users with the CAP_NET_ADMIN capability in any user namespace, not
+ just the root namespace, to enable and disable connection tracking
+ helpers. This could lead to denial of service, violation of
+ network security policy, or have other impact.
+
+CVE-2017-17449
+
+ Kevin Cernekee discovered that the netlink subsystem allowed
+ users with the CAP_NET_ADMIN capability in any user namespace
+ to monitor netlink traffic in all net namespaces, not just
+ those owned by that user namespace. This could lead to
+ exposure of sensitive information.
+
+CVE-2017-17450
+
+ Kevin Cernekee discovered that the xt_osf module allowed users
+ with the CAP_NET_ADMIN capability in any user namespace to modify
+ the global OS fingerprint list.
+
+CVE-2017-17558
+
+ Andrey Konovalov reported that that USB core did not correctly
+ handle some error conditions during initialisation. A physically
+ present user with a specially designed USB device can use this to
+ cause a denial of service (crash or memory corruption), or
+ possibly for privilege escalation.
+
+CVE-2017-17741
+
+ Dmitry Vyukov reported that the KVM implementation for x86 would
+ over-read data from memory when emulating an MMIO write if the
+ kvm_mmio tracepoint was enabled. A guest virtual machine might be
+ able to use this to cause a denial of service (crash).
+
+CVE-2017-17805
+
+ Dmitry Vyukov reported that the KVM implementation for x86 would
+ over-read data from memory when emulating an MMIO write if the
+ kvm_mmio tracepoint was enabled. A guest virtual machine might be
+ able to use this to cause a denial of service (crash).
+
+CVE-2017-17806
+
+ It was discovered that the HMAC implementation could be used with
+ an underlying hash algorithm that requires a key, which was not
+ intended. A local user could use this to cause a denial of
+ service (crash or memory corruption), or possibly for privilege
+ escalation.
+
+CVE-2017-17807
+
+ Eric Biggers discovered that the KEYS subsystem lacked a check for
+ write permission when adding keys to a process's default keyring.
+ A local user could use this to cause a denial of service or to
+ obtain sensitive information.
+
+CVE-2017-1000407
+
+ Andrew Honig reported that the KVM implementation for Intel
+ processors allowed direct access to host I/O port 0x80, which
+ is not generally safe. On some systems this allows a guest
+ VM to cause a denial of service (crash) of the host.
+
+CVE-2017-1000410
+
+ Ben Seri reported that the Bluetooth subsystem did not correctly
+ handle short EFS information elements in L2CAP messages. An
+ attacker able to communicate over Bluetooth could use this to
+ obtain sensitive information from the kernel.
+
+For the oldstable distribution (jessie), these problem have been fixed in
+version 3.16.51-3+deb8u1.
+
+For the stable distribution (stretch), these problems have been fixed in
+version 4.9.65-3+deb9u2 or were fixed in an earlier version.
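
Review bot: The CVE-2017-17805 entry repeats the CVE-2017-17741 description word for word (KVM for x86 over-reading memory when emulating an MMIO write with the kvm_mmio tracepoint enabled), which looks like a copy-paste slip; it needs its own description before the advisory goes out. Smaller points in the same file: "Bluebooth" in the CVE-2017-15868 entry should be "Bluetooth", "reported that that USB core" in the CVE-2017-17558 entry should read "reported that the USB core", and "these problem have been fixed" in the jessie paragraph should be "these problems". The CVE-2017-17450 entry also stops at what the user can modify without stating an impact, unlike the neighbouring CVE-2017-17448 and CVE-2017-17449 entries; a closing sentence on the consequence would make it consistent.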
