blob: 214b316667a2ca4971abc4923c50e86c617ba2b1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
Package : linux
CVE ID : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
CVE-2017-6001 CVE-2017-6074
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.
CVE-2016-6786 / CVE-2016-6787
It was discovered that the performance subsystem does not properly
manage locks during certain migrations, allowing a local attacker to
escalate privileges.
CVE-2016-8405
Peter Pi of Trend Micro discovered that the frame buffer video
subsystem does not properly check bounds while copying color maps to
userspace, causing a heap buffer out-of-bounds read, leading to
information disclosure.
CVE-2016-9191
CAI Qian discovered that reference counting is not properly handled
within proc_sys_readdir in the sysctl implementation, resulting in a
denial of service (system hang).
CVE-2017-2583
CVE-2017-2584
CVE-2017-2596
CVE-2017-2618
It was discovered that an off-by-one in the handling of selinux
attributes in /proc/pid/attr could result in local denial of
service.
CVE-2017-5549
It was discovered that the KLSI KL5KUSB105 serial USB device driver
could leak kernel memory, resulting in an information leak.
CVE-2017-5551
CVE-2017-5897
CVE-2017-5970
CVE-2017-6001
CVE-2017-6074
Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
networking code, which could result in denial of service or local
privilege escalation.
For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u1.
|