copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2016.0026 - [Debian] kernel: Multiple vulnerabilities

Date: 06 January 2016
References: ESB-2015.3170  ESB-2016.0717  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0026
                           linux security update
                              6 January 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-8709 CVE-2015-8575 CVE-2015-8569
                   CVE-2015-8552 CVE-2015-8551 CVE-2015-8550
                   CVE-2015-8543 CVE-2015-7550 CVE-2015-7513

Reference:         ESB-2015.3170

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3434

Comment: This advisory references vulnerabilities in the Linux kernel that 
         also affect distributions other than Debian. It is recommended that
         administrators running Linux check for an updated version of the 
         kernel for their system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3434-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
January 05, 2016                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-7513 CVE-2015-7550 CVE-2015-8543 CVE-2015-8550
                 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575
                 CVE-2015-8709
Debian Bug     : 808293 808602 808953 808973

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leak.

CVE-2015-7513

    It was discovered that a local user permitted to use the x86 KVM
    subsystem could configure the PIT emulation to cause a denial of
    service (crash).

CVE-2015-7550

    Dmitry Vyukov discovered a race condition in the keyring subsystem
    that allows a local user to cause a denial of service (crash).

CVE-2015-8543

    It was discovered that a local user permitted to create raw sockets
    could cause a denial-of-service by specifying an invalid protocol
    number for the socket. The attacker must have the CAP_NET_RAW
    capability.

CVE-2015-8550

    Felix Wilhelm of ERNW discovered that the Xen PV backend drivers
    may read critical data from shared memory multiple times. This
    flaw can be used by a guest kernel to cause a denial of service
    (crash) on the host, or possibly for privilege escalation.

CVE-2015-8551 / CVE-2015-8552

    Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI
    backend driver does not adequately validate the device state when
    a guest configures MSIs. This flaw can be used by a guest kernel
    to cause a denial of service (crash or disk space exhaustion) on
    the host.

CVE-2015-8569

    Dmitry Vyukov discovered a flaw in the PPTP sockets implementation
    that leads to an information leak to local users.

CVE-2015-8575

    David Miller discovered a flaw in the Bluetooth SCO sockets
    implementation that leads to an information leak to local users.

CVE-2015-8709

    Jann Horn discovered a flaw in the permission checks for use of
    the ptrace feature. A local user who has the CAP_SYS_PTRACE
    capability within their own user namespace could use this flaw for
    privilege escalation if a more privileged process ever enters that
    user namespace. This affects at least the LXC system.

In addition, this update fixes some regressions in the previous update:

#808293

    A regression in the UDP implementation prevented freeradius and
    some other applications from receiving data.

#808602 / #808953

    A regression in the USB XHCI driver prevented use of some devices
    in USB 3 SuperSpeed ports.

#808973

    A fix to the radeon driver interacted with an existing bug to
    cause a crash at boot when using some AMD/ATI graphics cards.
    This issue only affects wheezy.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.2.73-2+deb7u2. The oldstable distribution (wheezy) is not
affected by CVE-2015-8709.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in
version 3.16.7-ckt20-1+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.3-3 or earlier.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWjBbGAAoJEAVMuPMTQ89El7kP/3TOtmjdyNYTa1z0twoANq1k
b2S0mI5AH4DtDJ8o8HuXIEZNo+wxTmNsGDtJllqIjeP3lZkb3abDHDEbKcMRfOoH
GE0nQZU8u9TCcvGJkxn+KIYOw2Gtt5LE3o2aNS1Y4ZX1zPEuHl0YO37AdeAVCvT4
gGev9KSn9U3eAQL9QMyqMWRjtN93ORZTFCPXVeeN3+BVYITIDhd57oNvtU5YSn30
vPIMHMzcQ6FTg9WbLtu4pV3pI9wHyQYJJWcfWJLimW51nEd6RHoNNGOFOqstYZtg
92VvkSlYBhDX9exdZVg3bYPe4YkBDPc1OY4gXQtpEHjMvZGFwHlvCm+CmCh6Vm6P
rzMchvGtQhwGD8LMz5opIYorG9EGQ7FX+63smNAQv6Z6xNaFeuJWA5i2mJmp4pjE
3sqG3gYtOnocWbkTlbu4nzHRJzrktJLtPGGQUZbSKL8BXHWsJ1CZ1JAjk2AeM7Z+
Abo5WvnxjNLZkZkke3pJ4wnSKTlH+EVaRlsWH/R4sffFIoFvCPQfei0qlMg8aibl
8W8p3hqa6sWCdCef9r178Xkvn6ncYstKUKIoARtTw42+Z20l1XtK9IZHkwlN9VF1
zFukobVRpLiOuxjULiiNq05FYYl6fazVKeOr1lnQ4Hr4yjiNViEWhpUnq0+WeYW+
dpdyXxOHx3Ku/AHah94F
=vJT4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVoxnmX6ZAP0PgtI9AQLKShAAokUtzUWcQZiESLKNgwrK9WgQTu+lKb++
TUyWXWppSkFED690AtnBdazjo4jWPX1QNUq5xRfgavIKIcX25v/jW3E3YDmGH2Zf
ZhYAcZmZpTF0qSf9RxLyK2H7VOPAushdrwA3ItWBSRK1mX1aTOXeosfME1H+pKbq
KGXz9mia0bAUud0tEkepfoVHUCexZQh3ABGGk6lZiccMaRxH+qlFK1Nqi13R6z+F
w9VIFX84EpPC4xGwOdXwzyk3j/2y3ocnfCYxD03CuhmhSNrx9Y5G5no4NnywR0k6
NIHC47OQIJroNTnPL7HINnZgbsyuMc17vNZ983SKtyByht8/jFxs6wklVjex07Sn
SpSgP9QTLxwOF8Lfv2iKPAN5YD5SXVyoHoE45eLyBDBhSBlOTdiQhPMEhuo0ZdlC
Ck17vz4Kgp/sTVVkMqdwXWl4if/hzxTz5ZSb12J4EcvlbNGeIsZ6T+8zn5u4yj8P
MbBMXucbpzPckLabXsWTzS8RTN625CeR3d0FDuDW+caMaL+prUuA7fXQNIEKC+se
Icj9SMvdQj6Jb0cyvUOFSok4J0DZ2ICMl2ZKY1Ac0VfIY+jW2l/sDFUMqAReaqwq
JoShXbKw4CgooaBat67GHqgq5gcCkjO59xXLmnUiudpZ3guJr5XqbkocWCWVRpg4
6IjlH1CeCAc=
=lrXi
-----END PGP SIGNATURE-----