[kernel-sec-discuss] r4507 - dsa-texts

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Jul 3 07:25:50 UTC 2016


Author: carnil
Date: 2016-07-03 07:25:50 +0000 (Sun, 03 Jul 2016)
New Revision: 4507

Added:
   dsa-texts/3.16.7-ckt25-2+deb8u3
Log:
Add initial proposed text for 3.16.7-ckt25-2+deb8u3 linux DSA

Added: dsa-texts/3.16.7-ckt25-2+deb8u3
===================================================================
--- dsa-texts/3.16.7-ckt25-2+deb8u3	                        (rev 0)
+++ dsa-texts/3.16.7-ckt25-2+deb8u3	2016-07-03 07:25:50 UTC (rev 4507)
@@ -0,0 +1,59 @@
+From: Salvatore Bonaccorso <carnil at debian.org>
+To: debian-security-announce at lists.debian.org
+Subject: [SECURITY] [DSA EMBRGD-linux] linux security update
+
+-------------------------------------------------------------------------
+Debian Security Advisory DSA-EMBRGD-linux                   security at debian.org
+https://www.debian.org/security/                     Salvatore Bonaccorso
+July 03, 2016                         https://www.debian.org/security/faq
+-------------------------------------------------------------------------
+
+Package        : linux
+CVE ID         : CVE-2014-9904 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829
+                 CVE-2016-6130
+Debian Bug     : 828914
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2014-9904
+
+    It was discovered that the snd_compress_check_input function used in
+    the ALSA subsystem does not p roperly check for an interger
+    overflow, allowing a local user to cause a denial of service.
+
+CVE-2016-5728
+
+    Pengfei Wang discovered a race condition in the MIC VOP driver could
+    allow a local user to obtain sensitive information fr om kernel
+    memory or cause a denial of service.
+
+CVE-2016-5828
+
+    Cyril Bur and Michael Ellerman discovered a flaw in the handling of
+    Transactional Memory on powerpc systems allowing a local user to
+    cause a denial of service (kernel crash) by starting a transaction,
+    suspending it, and then calling any of the exec() class system
+    calls.
+
+CVE-2016-5829
+
+    A heap-based buffer overflow vulnerability was found in the hiddev
+    driver, allowing a local user to cause a denial of service.
+
+CVE-2016-6130
+
+    Pengfei Wang discovered a flaw in the S/390 character device drivers
+    potentially leading to information leak with /dev/sclp.
+
+For the stable distribution (jessie), these problems have been fixed in
+version 3.16.7-ckt25-2+deb8u3.
+
+We recommend that you upgrade your linux packages.
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://www.debian.org/security/
+
+Mailing list: debian-security-announce at lists.debian.org
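Review bot: The CVE-2014-9904 paragraph has two typos ("p roperly" and "interger") and the CVE-2016-5728 paragraph has one ("fr om"); these should read "properly", "integer" and "from" before the text goes out. The CVE-2016-5728 sentence is also missing a "that": "discovered a race condition in the MIC VOP driver that could allow a local user to ...". The summary paragraph says the issues "may lead to a privilege escalation, denial of service or information leaks", but the five entries as written describe only denial of service and information leaks, so either drop "privilege escalation" from the summary or state in the relevant entry which issue allows it. The entries are also inconsistent in form: CVE-2014-9904 and CVE-2016-5829 give no discoverer while the others do, and CVE-2016-6130 does not say who can trigger the leak ("a local user" in the other entries). The "EMBRGD" placeholder in the Subject and the advisory header still needs replacing with the assigned DSA number before release.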



