From c337bef0bb69b724124506d0481703c1dd28078a Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 9 Jan 2018 01:52:18 +0000 Subject: Add DSA text for jessie update (3.16.51-3+deb8u1) --- dsa-texts/3.16.51-3+deb8u1 | 140 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 dsa-texts/3.16.51-3+deb8u1 (limited to 'dsa-texts/3.16.51-3+deb8u1') diff --git a/dsa-texts/3.16.51-3+deb8u1 b/dsa-texts/3.16.51-3+deb8u1 new file mode 100644 index 00000000..604c7616 --- /dev/null +++ b/dsa-texts/3.16.51-3+deb8u1 @@ -0,0 +1,140 @@ +Package : linux +CVE ID : CVE-2017-5754 CVE-2017-8824 CVE-2017-15868 CVE-2017-16538 + CVE-2017-16939 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 + CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 + CVE-2017-17807 CVE-2017-1000407 CVE-2017-1000410 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2017-5754 + + Multiple researchers have discovered a vulnerability in Intel + processors, enabling an attacker controlling an unprivileged + process to read memory from arbitrary addresses, including from + the kernel and all other processes running on the system. + + This specific attack has been named Meltdown and is addressed in + the Linux kernel for the Intel x86-64 architecture by a patch set + named Kernel Page Table Isolation, enforcing a near complete + separation of the kernel and userspace address maps and preventing + the attack. This solution might have a performance impact, and can + be disabled at boot time by passing `pti=off' to the kernel + command line. + +CVE-2017-8824 + + Mohamed Ghannam discovered that the DCCP implementation did not + correctly manage resources when a socket is disconnected and + reconnected, potentially leading to a use-after-free. A local + user could use this for denial of service (crash or data + corruption) or possibly for privilege escalation. On systems that + do not already have the dccp module loaded, this can be mitigated + by disabling it: + echo >> /etc/modprobe.d/disable-dccp.conf install dccp false + +CVE-2017-15868 + + Al Viro found that the Bluebooth Network Encapsulation Protocol + (BNEP) implementation did not validate the type of the second + socket passed to the BNEPCONNADD ioctl(), which could lead to + memory corruption. A local user with the CAP_NET_ADMIN capability + can use this for denial of service (crash or data corruption) or + possibly for privilege escalation. + +CVE-2017-16538 + + Andrey Konovalov reported that the dvb-usb-lmedm04 media driver + did not correctly handle some error conditions during + initialisation. A physically present user with a specially + designed USB device can use this to cause a denial of service + (crash). + +CVE-2017-16939 + + Mohamed Ghannam reported (through Beyond Security's SecuriTeam + Secure Disclosure program) that the IPsec (xfrm) implementation + did not correctly handle some failure cases when dumping policy + information through netlink. A local user with the CAP_NET_ADMIN + capability can use this for denial of service (crash or data + corruption) or possibly for privilege escalation. + +CVE-2017-17448 + + Kevin Cernekee discovered that the netfilter subsystem allowed + users with the CAP_NET_ADMIN capability in any user namespace, not + just the root namespace, to enable and disable connection tracking + helpers. This could lead to denial of service, violation of + network security policy, or have other impact. + +CVE-2017-17449 + + Kevin Cernekee discovered that the netlink subsystem allowed + users with the CAP_NET_ADMIN capability in any user namespace + to monitor netlink traffic in all net namespaces, not just + those owned by that user namespace. This could lead to + exposure of sensitive information. + +CVE-2017-17450 + + Kevin Cernekee discovered that the xt_osf module allowed users + with the CAP_NET_ADMIN capability in any user namespace to modify + the global OS fingerprint list. + +CVE-2017-17558 + + Andrey Konovalov reported that that USB core did not correctly + handle some error conditions during initialisation. A physically + present user with a specially designed USB device can use this to + cause a denial of service (crash or memory corruption), or + possibly for privilege escalation. + +CVE-2017-17741 + + Dmitry Vyukov reported that the KVM implementation for x86 would + over-read data from memory when emulating an MMIO write if the + kvm_mmio tracepoint was enabled. A guest virtual machine might be + able to use this to cause a denial of service (crash). + +CVE-2017-17805 + + Dmitry Vyukov reported that the KVM implementation for x86 would + over-read data from memory when emulating an MMIO write if the + kvm_mmio tracepoint was enabled. A guest virtual machine might be + able to use this to cause a denial of service (crash). + +CVE-2017-17806 + + It was discovered that the HMAC implementation could be used with + an underlying hash algorithm that requires a key, which was not + intended. A local user could use this to cause a denial of + service (crash or memory corruption), or possibly for privilege + escalation. + +CVE-2017-17807 + + Eric Biggers discovered that the KEYS subsystem lacked a check for + write permission when adding keys to a process's default keyring. + A local user could use this to cause a denial of service or to + obtain sensitive information. + +CVE-2017-1000407 + + Andrew Honig reported that the KVM implementation for Intel + processors allowed direct access to host I/O port 0x80, which + is not generally safe. On some systems this allows a guest + VM to cause a denial of service (crash) of the host. + +CVE-2017-1000410 + + Ben Seri reported that the Bluetooth subsystem did not correctly + handle short EFS information elements in L2CAP messages. An + attacker able to communicate over Bluetooth could use this to + obtain sensitive information from the kernel. + +For the oldstable distribution (jessie), these problem have been fixed in +version 3.16.51-3+deb8u1. + +For the stable distribution (stretch), these problems have been fixed in +version 4.9.65-3+deb9u2 or were fixed in an earlier version. -- cgit v1.2.3