[kernel-sec-discuss] r5060 - dsa-texts
Ben Hutchings
benh at moszumanska.debian.org
Wed Mar 8 15:28:00 UTC 2017
Author: benh
Date: 2017-03-08 15:28:00 +0000 (Wed, 08 Mar 2017)
New Revision: 5060
Modified:
dsa-texts/3.16.39-1+deb8u2
Log:
Fill in advisory text for most issues fixed in 3.16.39-1+deb8u2
Modified: dsa-texts/3.16.39-1+deb8u2
===================================================================
--- dsa-texts/3.16.39-1+deb8u2 2017-03-08 14:58:18 UTC (rev 5059)
+++ dsa-texts/3.16.39-1+deb8u2 2017-03-08 15:28:00 UTC (rev 5060)
@@ -25,12 +25,47 @@
echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
CVE-2017-5669
+
+ Gareth Evans reported that privileged users can map memory at
+ address 0 through the shmat() system call. This could make it
+ easier to exploit other kernel security vulnerabilities via a
+ set-UID program.
+
CVE-2017-5986
+
+ Alexander Popov reported a race condition in the SCTP
+ implementation that can be used by local users to cause a
+ denial-of-service (crash). The initial fix for this was incorrect
+ and introduced further security issues (CVE-2017-6353). This
+ update includes a later fix that avoids those. On systems that do
+ not already have the sctp module loaded, this can be mitigated by
+ disabling it:
+ echo >> /etc/modprobe.d/disable-sctp.conf install sctp false
+
CVE-2017-6214
+
+ Dmitry Vyukov reported a bug in the TCP implementation's handling
+ of urgent data in the splice() system call. This can be used by a
+ remote attacker for denial-of-service (hang) against applications
+ that read from TCP sockets with splice().
+
CVE-2017-6345
+
+ Andrey Konovalov reported that the LLC type 2 implementation
+ incorrectly assigns socket buffer ownership. This can be used
+ by a local user to cause a denial-of-service (crash). On systems
+ that do not already have the llc2 module loaded, this can be
+ mitigated by disabling it:
+ echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false
+
CVE-2017-6346
+
+ Dmitry Vyukov reported a race condition in the raw packet (af_packet)
+ fanout feature. Local users with the CAP_NET_RAW capability (in any
+ user namespace) can use this for denial-of-service and possibly for
+ privilege escalation.
+
CVE-2017-6348
-CVE-2017-6353
For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u2.
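Review bot: CVE-2017-6348 is still a bare heading at the end of this hunk, with no description before the "For the stable distribution" paragraph, so the text remains incomplete and that entry needs filling in before publication. With the CVE-2017-6353 heading removed, that ID now appears only in the parenthesis under CVE-2017-5986; consider stating there whether any released jessie version was affected by it, so readers tracking CVE-2017-6353 get a direct answer. In the added sctp and llc2 mitigation lines, quoting the directive (echo "install sctp false" >> /etc/modprobe.d/disable-sctp.conf) would be easier to read and copy; if adopted, apply the same form to the existing n_hdlc line for consistency.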