[kernel-sec-discuss] r3694 - dsa-texts

Ben Hutchings benh at moszumanska.debian.org
Sun Feb 22 22:49:59 UTC 2015


Author: benh
Date: 2015-02-22 22:49:59 +0000 (Sun, 22 Feb 2015)
New Revision: 3694

Added:
   dsa-texts/3.2.65-1+deb7u2
Log:
Add DSA text for 3.2.65-1+deb7u2

Added: dsa-texts/3.2.65-1+deb7u2
===================================================================
--- dsa-texts/3.2.65-1+deb7u2	                        (rev 0)
+++ dsa-texts/3.2.65-1+deb7u2	2015-02-22 22:49:59 UTC (rev 3694)
@@ -0,0 +1,102 @@
+----------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1                security at debian.org
+http://www.debian.org/security/                          Ben Hutchings
+February XX, 2015                   http://www.debian.org/security/faq
+----------------------------------------------------------------------
+
+Package        : linux
+CVE ID         : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559
+                 CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239
+                 CVE-2015-1420 CVE-2015-1421 CVE-2015-1593
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a denial of service, information leak or privilege
+escalation.
+
+CVE-2013-7421, CVE-2014-9644
+
+    It was discovered that the Crypto API allowed unprivileged users
+    to load arbitrary kernel modules. A local user can use this flaw
+    to exploit vulnerabilities in modules that would not normally be
+    loaded.
+
+CVE-2014-7822
+
+    It was found that the splice() system call did not validate the
+    given file offset and length. A local unprivileged user can use
+    this flaw to cause filesystem corruption on ext4 filesystems, or
+    possibly other effects.
+
+CVE-2014-8160
+
+    It was found that a netfilter (iptables or ip6tables) rule
+    accepting packets to a specific SCTP, DCCP, GRE or UDPlite
+    port/endpoint could result in incorrect connection tracking state.
+    If only the generic connection tracking module (nf_conntrack) was
+    loaded, and not the protocol-specific connection tracking module,
+    this would allow access to any port/endpoint of the specified
+    protocol.
+
+CVE-2014-8559
+
+    It was found that kernel functions that iterate over a directory
+    tree can dead-lock or live-lock in case some of the directory
+    entries were recently deleted or dropped from the cache. A local
+    unprivileged user can use this flaw for denial of service.
+
+CVE-2014-9585
+
+    It was discovered that address randomisation for the vDSO in
+    64-bit processes is extremely biassed. A local unprivileged user
+    could potentially use this flaw to bypass the ASLR protection
+    mechanism.
+
+CVE-2014-9683
+
+    Dmitry Chernenkov used KASAN to discover that eCryptfs writes past
+    the end of the allocated buffer during encrypted filename
+    decoding.
+
+CVE-2015-0239
+
+    It was found that KVM did not correctly emulate the x86 SYSENTER
+    instruction. An unprivileged user within a guest system that has
+    not enabled SYSENTER, for example because the emulated CPU vendor
+    is AMD, could potentially use this flaw to cause a denial of
+    service or privilege escalation in that guest.
+
+CVE-2015-1420
+
+    It was discovered that the open_by_handle_at() system call reads
+    the handle size from user memory a second time after validating
+    it. A local user with the CAP_DAC_READ_SEARCH capability could use
+    this flaw for privilege escalation.
+
+CVE-2015-1421
+
+    It was found that the SCTP implementation could free
+    authentication state while it was still in use, resulting in heap
+    corruption. This could allow remote users to cause a denial of
+    service or privilege escalation.
+
+CVE-2015-1593
+
+    It was found that address randomisation for the initial stack in
+    64-bit processes was limited to 20 rather than 22 bits of entropy.
+    A local unprivileged user could potentially use this flaw to
+    bypass the ASLR protection mechanism.
+
+For the stable distribution (wheezy), these issues have been fixed in
+version 3.2.65-1+deb7u2. Additionally this update fixes regressions
+introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.
+
+For the upcoming stable distribution (jessie) and the unstable
+distribution (sid), these problems will be fixed soon.
+
+We recommend that you upgrade your linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org




More information about the kernel-sec-discuss mailing list