author | Salvatore Bonaccorso <carnil@debian.org> | 2016-07-03 07:25:50 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2016-07-03 07:25:50 +0000 |
commit | 1c1754de09d02095610dec1e8c2013f4693b658c (patch) | |
tree | 918bddb0de3fcbeae16145384bceb132347e5d49 /dsa-texts/3.16.7-ckt25-2+deb8u3 | |
parent | 07cfa74c66770a53c9b8d0de7e58e09d3dcbddaa (diff) |
Add initial proposed text for 3.16.7-ckt25-2+deb8u3 linux DSA
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4507 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.16.7-ckt25-2+deb8u3')
-rw-r--r-- | dsa-texts/3.16.7-ckt25-2+deb8u3 | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/dsa-texts/3.16.7-ckt25-2+deb8u3 b/dsa-texts/3.16.7-ckt25-2+deb8u3 new file mode 100644 index 00000000..a96bf5df --- /dev/null +++ b/dsa-texts/3.16.7-ckt25-2+deb8u3 
@@ -0,0 +1,59 @@ +From: Salvatore Bonaccorso <carnil@debian.org> +To: debian-security-announce@lists.debian.org +Subject: [SECURITY] [DSA EMBRGD-linux] linux security update + +------------------------------------------------------------------------- +Debian Security Advisory DSA-EMBRGD-linux security@debian.org +https://www.debian.org/security/ Salvatore Bonaccorso +July 03, 2016 https://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : linux +CVE ID : CVE-2014-9904 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 + CVE-2016-6130 +Debian Bug : 828914 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2014-9904 + + It was discovered that the snd_compress_check_input function used in + the ALSA subsystem does not p roperly check for an interger + overflow, allowing a local user to cause a denial of service. + +CVE-2016-5728 + + Pengfei Wang discovered a race condition in the MIC VOP driver could + allow a local user to obtain sensitive information fr om kernel + memory or cause a denial of service. + +CVE-2016-5828 + + Cyril Bur and Michael Ellerman discovered a flaw in the handling of + Transactional Memory on powerpc systems allowing a local user to + cause a denial of service (kernel crash) by starting a transaction, + suspending it, and then calling any of the exec() class system + calls. + +CVE-2016-5829 + + A heap-based buffer overflow vulnerability was found in the hiddev + driver, allowing a local user to cause a denial of service. + +CVE-2016-6130 + + Pengfei Wang discovered a flaw in the S/390 character device drivers + potentially leading to information leak with /dev/sclp. + +For the stable distribution (jessie), these problems have been fixed in +version 3.16.7-ckt25-2+deb8u3. + +We recommend that you upgrade your linux packages. 
+ +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: https://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |
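Review bot: The introductory paragraph lists "privilege escalation" as a possible impact, but none of the five CVE entries that follow describes one; each is stated as a denial of service or an information leak. Either drop "privilege escalation" from the summary or say in the relevant entry which CVE carries that impact. In the CVE-2014-9904 entry, "interger" should be "integer" and "p roperly" has a stray space; in the CVE-2016-5728 entry, "fr om" has the same problem and the sentence needs a "that" ("a race condition in the MIC VOP driver that could allow a local user ..."). The CVE-2016-6130 entry is the only one that does not say who can trigger the flaw; if it is a local user as in the other entries, state it so readers can judge exposure.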