[kernel-sec-discuss] r4996 - dsa-texts
Ben Hutchings
benh at moszumanska.debian.org
Wed Feb 22 16:31:24 UTC 2017
Author: benh
Date: 2017-02-22 16:31:24 +0000 (Wed, 22 Feb 2017)
New Revision: 4996
Modified:
dsa-texts/3.16.39-1+deb8u1
Log:
Add mitigations for issues fixed in 3.16.39-1+deb8u1
Modified: dsa-texts/3.16.39-1+deb8u1
===================================================================
--- dsa-texts/3.16.39-1+deb8u1 2017-02-22 16:22:01 UTC (rev 4995)
+++ dsa-texts/3.16.39-1+deb8u1 2017-02-22 16:31:24 UTC (rev 4996)
@@ -12,7 +12,9 @@
It was discovered that the performance events subsystem does not
properly manage locks during certain migrations, allowing a local
- attacker to escalate privileges.
+ attacker to escalate privileges. This can be mitigated by
+ disabling unprivileged use of performance events:
+ sysctl kernel.perf_event_paranoid=3
CVE-2016-8405
@@ -85,13 +87,16 @@
Di Shen discovered a race condition between concurrent calls to
the performance events subsystem, allowing a local attacker to
escalate privileges. This flaw exists because of an incomplete fix
- of CVE-2016-6786.
+ of CVE-2016-6786. This can be mitigated by disabling unprivileged
+ use of performance events: sysctl kernel.perf_event_paranoid=3
CVE-2017-6074
Andrey Konovalov discovered a use-after-free vulnerability in the
DCCP networking code, which could result in denial of service or
- local privilege escalation.
+ local privilege escalation. On systems that do not already have
+ the dccp module loaded, this can be mitigated by disabling it:
+ echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u1.
More information about the kernel-sec-discuss
mailing list