[kernel-sec-discuss] r4507 - dsa-texts
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jul 3 07:25:50 UTC 2016
Author: carnil
Date: 2016-07-03 07:25:50 +0000 (Sun, 03 Jul 2016)
New Revision: 4507
Added:
dsa-texts/3.16.7-ckt25-2+deb8u3
Log:
Add initial proposed text for 3.16.7-ckt25-2+deb8u3 linux DSA
Added: dsa-texts/3.16.7-ckt25-2+deb8u3
===================================================================
--- dsa-texts/3.16.7-ckt25-2+deb8u3 (rev 0)
+++ dsa-texts/3.16.7-ckt25-2+deb8u3 2016-07-03 07:25:50 UTC (rev 4507)
@@ -0,0 +1,59 @@
+From: Salvatore Bonaccorso <carnil at debian.org>
+To: debian-security-announce at lists.debian.org
+Subject: [SECURITY] [DSA EMBRGD-linux] linux security update
+
+-------------------------------------------------------------------------
+Debian Security Advisory DSA-EMBRGD-linux security at debian.org
+https://www.debian.org/security/ Salvatore Bonaccorso
+July 03, 2016 https://www.debian.org/security/faq
+-------------------------------------------------------------------------
+
+Package : linux
+CVE ID : CVE-2014-9904 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829
+ CVE-2016-6130
+Debian Bug : 828914
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2014-9904
+
+ It was discovered that the snd_compress_check_input function used in
+ the ALSA subsystem does not p roperly check for an interger
+ overflow, allowing a local user to cause a denial of service.
+
+CVE-2016-5728
+
+ Pengfei Wang discovered a race condition in the MIC VOP driver could
+ allow a local user to obtain sensitive information fr om kernel
+ memory or cause a denial of service.
+
+CVE-2016-5828
+
+ Cyril Bur and Michael Ellerman discovered a flaw in the handling of
+ Transactional Memory on powerpc systems allowing a local user to
+ cause a denial of service (kernel crash) by starting a transaction,
+ suspending it, and then calling any of the exec() class system
+ calls.
+
+CVE-2016-5829
+
+ A heap-based buffer overflow vulnerability was found in the hiddev
+ driver, allowing a local user to cause a denial of service.
+
+CVE-2016-6130
+
+ Pengfei Wang discovered a flaw in the S/390 character device drivers
+ potentially leading to information leak with /dev/sclp.
+
+For the stable distribution (jessie), these problems have been fixed in
+version 3.16.7-ckt25-2+deb8u3.
+
+We recommend that you upgrade your linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
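Review bot: The CVE-2014-9904 paragraph has two spelling errors to fix before this text is sent: "p roperly" should read "properly" and "interger" should read "integer". In the CVE-2016-5728 paragraph, "fr om" is split by a stray space, and the sentence is missing a "that" (suggest "discovered a race condition in the MIC VOP driver that could allow a local user to ..."). The header lists Debian Bug 828914, but no CVE entry says which issue that bug tracks, so a short mention in the relevant paragraph would help readers. The DSA-EMBRGD-linux placeholder appears in both the Subject line and the advisory header, and both need the assigned DSA number at release.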