From 5354e208cc22167ae818e062a2068229e2176bc4 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Wed, 8 Mar 2017 15:28:00 +0000
Subject: Fill in advisory text for most issues fixed in 3.16.39-1+deb8u2

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5060 e094ebfe-e918-0410-adfb-c712417f3574
---
 dsa-texts/3.16.39-1+deb8u2 | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 'dsa-texts/3.16.39-1+deb8u2')

diff --git a/dsa-texts/3.16.39-1+deb8u2 b/dsa-texts/3.16.39-1+deb8u2
index 427fac13..8d403dc9 100644
--- a/dsa-texts/3.16.39-1+deb8u2
+++ b/dsa-texts/3.16.39-1+deb8u2
@@ -25,12 +25,47 @@ CVE-2017-2636
     echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
 
 CVE-2017-5669
+
+    Gareth Evans reported that privileged users can map memory at
+    address 0 through the shmat() system call. This could make it
+    easier to exploit other kernel security vulnerabilities via a
+    set-UID program.
+
 CVE-2017-5986
+
+    Alexander Popov reported a race condition in the SCTP
+    implementation that can be used by local users to cause a
+    denial-of-service (crash). The initial fix for this was incorrect
+    and introduced further security issues (CVE-2017-6353). This
+    update includes a later fix that avoids those. On systems that do
+    not already have the sctp module loaded, this can be mitigated by
+    disabling it:
+    echo >> /etc/modprobe.d/disable-sctp.conf install sctp false
+
 CVE-2017-6214
+
+    Dmitry Vyukov reported a bug in the TCP implementation's handling
+    of urgent data in the splice() system call. This can be used by a
+    remote attacker for denial-of-service (hang) against applications
+    that read from TCP sockets with splice().
+
 CVE-2017-6345
+
+    Andrey Konovalov reported that the LLC type 2 implementation
+    incorrectly assigns socket buffer ownership. This can be used
+    by a local user to cause a denial-of-service (crash). On systems
+    that do not already have the llc2 module loaded, this can be
+    mitigated by disabling it:
+    echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false
+
 CVE-2017-6346
+
+    Dmitry Vyukov reported a race condition in the raw packet (af_packet)
+    fanout feature. Local users with the CAP_NET_RAW capability (in any
+    user namespace) can use this for denial-of-service and possibly for
+    privilege escalation.
+
 CVE-2017-6348
-CVE-2017-6353
 
 For the stable distribution (jessie), these problems have been fixed in
 version 3.16.39-1+deb8u2.
-- 
cgit v1.2.3