ESB-2017.2075 - [Debian] Linux kernel: Multiple vulnerabilities 2017-08-18


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2075
                           linux security update
                              18 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000365 CVE-2017-1000363 CVE-2017-11176
                   CVE-2017-10911 CVE-2017-9605 CVE-2017-7889
                   CVE-2017-7542 CVE-2017-7541 CVE-2017-7533
                   CVE-2017-7482 CVE-2017-7346 CVE-2014-9940

Reference:         ESB-2017.2033.2
                   ESB-2017.1981
                   ESB-2017.1639
                   ESB-2017.1548

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3945

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3945-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 17, 2017                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533
                 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605
                 CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363
                 CVE-2017-1000365

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2014-9940

    A use-after-free flaw in the voltage and current regulator driver
    could allow a local user to cause a denial of service or potentially
    escalate privileges.

CVE-2017-7346

    Li Qiang discovered that the DRM driver for VMware virtual GPUs does
    not properly check user-controlled values in the
    vmw_surface_define_ioctl() functions for upper limits. A local user
    can take advantage of this flaw to cause a denial of service.

CVE-2017-7482

    Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does
    not properly verify metadata, leading to information disclosure,
    denial of service or potentially execution of arbitrary code.

CVE-2017-7533

    Fan Wu and Shixiong Zhao discovered a race condition between inotify
    events and VFS rename operations allowing an unprivileged local
    attacker to cause a denial of service or escalate privileges.

CVE-2017-7541

    A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN
    driver could allow a local user to cause kernel memory corruption,
    leading to a denial of service or potentially privilege escalation.

CVE-2017-7542

    An integer overflow vulnerability in the ip6_find_1stfragopt()
    function was found allowing a local attacker with privileges to open
    raw sockets to cause a denial of service.

CVE-2017-7889

    Tommi Rantala and Brad Spengler reported that the mm subsystem does
    not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,
    allowing a local attacker with access to /dev/mem to obtain
    sensitive information or potentially execute arbitrary code.

CVE-2017-9605

    Murray McAllister discovered that the DRM driver for VMware virtual
    GPUs does not properly initialize memory, potentially allowing a
    local attacker to obtain sensitive information from uninitialized
    kernel memory via a crafted ioctl call.

CVE-2017-10911 / XSA-216

    Anthony Perard of Citrix discovered an information leak flaw in Xen
    blkif response handling, allowing a malicious unprivileged guest to
    obtain sensitive information from the host or other guests.

CVE-2017-11176

    It was discovered that the mq_notify() function does not set the
    sock pointer to NULL upon entry into the retry logic. An attacker
    can take advantage of this flaw during a userspace close of a
    Netlink socket to cause a denial of service or potentially cause
    other impact.

CVE-2017-1000363

    Roee Hay reported that the lp driver does not properly bounds-check
    passed arguments, allowing a local attacker with write access to the
    kernel command line arguments to execute arbitrary code.

CVE-2017-1000365

    It was discovered that argument and environment pointers are not
    properly taken into account in the size restrictions imposed on
    arguments and environmental strings passed through
    RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of
    this flaw in conjunction with other flaws to execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.43-2+deb8u3.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
