diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2015-04-27 08:50:42 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2015-04-27 08:50:42 +0000 |
commit | 36ce71f40118c2199d15a2eed7ea8eac14875c6d (patch) | |
tree | cdc2e8e99c5d0681574496a26ebe73218a846791 /dsa-texts/3.16.7-ckt9-3~deb8u1 | |
parent | 0c199db164ef004c3aed00e3e1635063c0a65ef3 (diff) |
Add DSA text from DSA-3237-1
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3763 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.16.7-ckt9-3~deb8u1')
-rw-r--r-- | dsa-texts/3.16.7-ckt9-3~deb8u1 | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/dsa-texts/3.16.7-ckt9-3~deb8u1 b/dsa-texts/3.16.7-ckt9-3~deb8u1 new file mode 100644 index 00000000..c4eb01ac --- /dev/null +++ b/dsa-texts/3.16.7-ckt9-3~deb8u1 @@ -0,0 +1,127 @@ +From: Ben Hutchings <benh@debian.org> +To: debian-security-announce@lists.debian.org +Subject: [DSA 3237-1] linux security update + +------------------------------------------------------------------------- +Debian Security Advisory DSA-3237-1 security@debian.org +http://www.debian.org/security/ Ben Hutchings +April 26, 2015 http://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : linux +CVE ID : CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042 + CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 + CVE-2015-3332 CVE-2015-3339 +Debian Bug : 741667 782515 782561 782698 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2014-8159 + + It was found that the Linux kernel's InfiniBand/RDMA subsystem did + not properly sanitize input parameters while registering memory + regions from user space via the (u)verbs API. A local user with + access to a /dev/infiniband/uverbsX device could use this flaw to + crash the system or, potentially, escalate their privileges on the + system. + +CVE-2014-9715 + + It was found that the netfilter connection tracking subsystem used + too small a type as an offset within each connection's data + structure, following a bug fix in Linux 3.2.33 and 3.6. In some + configurations, this would lead to memory corruption and crashes + (even without malicious traffic). This could potentially also + result in violation of the netfilter policy or remote code + execution. + + This can be mitigated by disabling connection tracking accounting: + sysctl net.netfilter.nf_conntrack_acct=0 + +CVE-2015-2041 + + Sasha Levin discovered that the LLC subsystem exposed some variables + as sysctls with the wrong type. On a 64-bit kernel, this possibly + allows privilege escalation from a process with CAP_NET_ADMIN + capability; it also results in a trivial information leak. + +CVE-2015-2042 + + Sasha Levin discovered that the RDS subsystem exposed some variables + as sysctls with the wrong type. On a 64-bit kernel, this results in + a trivial information leak. + +CVE-2015-2150 + + Jan Beulich discovered that Xen guests are currently permitted to + modify all of the (writable) bits in the PCI command register of + devices passed through to them. This in particular allows them to + disable memory and I/O decoding on the device unless the device is + an SR-IOV virtual function, which can result in denial of service + to the host. + +CVE-2015-2830 + + Andrew Lutomirski discovered that when a 64-bit task on an amd64 + kernel makes a fork(2) or clone(2) system call using int $0x80, the + 32-bit compatibility flag is set (correctly) but is not cleared on + return. As a result, both seccomp and audit will misinterpret the + following system call by the task(s), possibly leading to a + violation of security policy. + +CVE-2015-2922 + + Modio AB discovered that the IPv6 subsystem would process a router + advertisement that specifies no route but only a hop limit, which + would then be applied to the interface that received it. This can + result in loss of IPv6 connectivity beyond the local network. + + This may be mitigated by disabling processing of IPv6 router + advertisements if they are not needed: + sysctl net.ipv6.conf.default.accept_ra=0 + sysctl net.ipv6.conf.<interface>.accept_ra=0 + +CVE-2015-3331 + + Stephan Mueller discovered that the optimised implementation of + RFC4106 GCM for x86 processors that support AESNI miscalculated + buffer addresses in some cases. If an IPsec tunnel is configured to + use this mode (also known as AES-GCM-ESP) this can lead to memory + corruption and crashes (even without malicious traffic). This could + potentially also result in remote code execution. + +CVE-2015-3332 + + Ben Hutchings discovered that the TCP Fast Open feature regressed + in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used. + This can be used as a local denial of service. + +CVE-2015-3339 + + It was found that the execve(2) system call can race with inode + attribute changes made by chown(2). Although chown(2) clears the + setuid/setgid bits of a file if it changes the respective owner ID, + this race condition could result in execve(2) setting effective + uid/gid to the new owner ID, a privilege escalation. + +For the oldstable distribution (wheezy), these problems have been fixed +in version 3.2.68-1+deb7u1. The linux package in wheezy is not affected +by CVE-2015-3332. + +For the stable distribution (jessie), these problems have been fixed in +version 3.16.7-ckt9-3~deb8u1 or earlier versions. Additionally, this +version fixes a regression in the xen-netfront driver (#782698). + +For the unstable distribution (sid), these problems have been fixed in +version 3.16.7-ckt9-3 or earlier versions. Additionally, this version +fixes a regression in the xen-netfront driver (#782698). + +We recommend that you upgrade your linux packages. + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: https://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org |