dsa-texts/3.16.39-1+deb8u1


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

Package        : linux
CVE ID         : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
                 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
                 CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
                 CVE-2017-6001 CVE-2017-6074

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

CVE-2016-6786 / CVE-2016-6787

    It was discovered that the performance subsystem does not properly
    manage locks during certain migrations, allowing a local attacker to
    escalate privileges.

CVE-2016-8405

    Peter Pi of Trend Micro discovered that the frame buffer video
    subsystem does not properly check bounds while copying color maps to
    userspace, causing a heap buffer out-of-bounds read, leading to
    information disclosure.

CVE-2016-9191

    CAI Qian discovered that reference counting is not properly handled
    within proc_sys_readdir in the sysctl implementation, resulting in a
    denial of service (system hang).

CVE-2017-2583
CVE-2017-2584
CVE-2017-2596
CVE-2017-2618

    It was discovered that an off-by-one in the handling of selinux
    attributes in /proc/pid/attr could result in local denial of
    service.

CVE-2017-5549

    It was discovered that the KLSI KL5KUSB105 serial USB device driver
    could leak kernel memory, resulting in an information leak.

CVE-2017-5551

    Jan Kara found that changing the POSIX ACL of a file on tmpfs never
    cleared its set-group-ID flag, which should be done if the user
    changing it is not a member of the group-owner. In some cases, this
    would allow the user-owner of an executable to gain the privileges
    of the group-owner.

CVE-2017-5897

    Andrey Konovalov discovered an out-of-bounds access flaw in the
    ip6gre_err function in the IPv6 networking code.

CVE-2017-5970

    Andrey Konovalov discovered a denial-of-service flaw in the IPv4
    networking code, triggerable by sending bad IP options on a socket.

CVE-2017-6001
CVE-2017-6074

    Andrey Konovalov discovered a use-after-free vulnerability in the
    DCCP networking code, which could result in denial of service or
    local privilege escalation.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u1.