From 1c1754de09d02095610dec1e8c2013f4693b658c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 3 Jul 2016 07:25:50 +0000 Subject: Add initial proposed text for 3.16.7-ckt25-2+deb8u3 linux DSA git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4507 e094ebfe-e918-0410-adfb-c712417f3574 --- dsa-texts/3.16.7-ckt25-2+deb8u3 | 59 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 dsa-texts/3.16.7-ckt25-2+deb8u3 (limited to 'dsa-texts/3.16.7-ckt25-2+deb8u3') diff --git a/dsa-texts/3.16.7-ckt25-2+deb8u3 b/dsa-texts/3.16.7-ckt25-2+deb8u3 new file mode 100644 index 00000000..a96bf5df --- /dev/null +++ b/dsa-texts/3.16.7-ckt25-2+deb8u3 
@@ -0,0 +1,59 @@ +From: Salvatore Bonaccorso +To: debian-security-announce@lists.debian.org +Subject: [SECURITY] [DSA EMBRGD-linux] linux security update + +------------------------------------------------------------------------- +Debian Security Advisory DSA-EMBRGD-linux security@debian.org +https://www.debian.org/security/ Salvatore Bonaccorso +July 03, 2016 https://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : linux +CVE ID : CVE-2014-9904 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 + CVE-2016-6130 +Debian Bug : 828914 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2014-9904 + + It was discovered that the snd_compress_check_input function used in + the ALSA subsystem does not p roperly check for an interger + overflow, allowing a local user to cause a denial of service. + +CVE-2016-5728 + + Pengfei Wang discovered a race condition in the MIC VOP driver could + allow a local user to obtain sensitive information fr om kernel + memory or cause a denial of service. + +CVE-2016-5828 + + Cyril Bur and Michael Ellerman discovered a flaw in the handling of + Transactional Memory on powerpc systems allowing a local user to + cause a denial of service (kernel crash) by starting a transaction, + suspending it, and then calling any of the exec() class system + calls. + +CVE-2016-5829 + + A heap-based buffer overflow vulnerability was found in the hiddev + driver, allowing a local user to cause a denial of service. + +CVE-2016-6130 + + Pengfei Wang discovered a flaw in the S/390 character device drivers + potentially leading to information leak with /dev/sclp. + +For the stable distribution (jessie), these problems have been fixed in +version 3.16.7-ckt25-2+deb8u3. + +We recommend that you upgrade your linux packages. 
+ +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: https://www.debian.org/security/ + +Mailing list: debian-security-announce@lists.debian.org -- cgit v1.2.3
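Review bot: The summary paragraph says these issues "may lead to a privilege escalation, denial of service or information leaks", but none of the five CVE entries that follow describes a privilege escalation; each one lists only a denial of service or an information leak. Either drop "privilege escalation" from the summary or say in the relevant entry which issue allows it. The text also needs a wording pass before it goes out. In the CVE-2014-9904 entry, "p roperly" and "interger" should read "properly" and "integer". In the CVE-2016-5728 entry, "fr om" should read "from", and the sentence is missing "that" ("a race condition in the MIC VOP driver that could allow"). The CVE-2016-6130 entry does not say who can trigger the leak, where the other entries say "a local user". "DSA-EMBRGD-linux" in the Subject line and the header block looks like a placeholder and should be checked before sending.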