[kernel-sec-discuss] r5060 - dsa-texts

Ben Hutchings benh at moszumanska.debian.org
Wed Mar 8 15:28:00 UTC 2017


Author: benh
Date: 2017-03-08 15:28:00 +0000 (Wed, 08 Mar 2017)
New Revision: 5060

Modified:
   dsa-texts/3.16.39-1+deb8u2
Log:
Fill in advisory text for most issues fixed in 3.16.39-1+deb8u2

Modified: dsa-texts/3.16.39-1+deb8u2
===================================================================
--- dsa-texts/3.16.39-1+deb8u2	2017-03-08 14:58:18 UTC (rev 5059)
+++ dsa-texts/3.16.39-1+deb8u2	2017-03-08 15:28:00 UTC (rev 5060)
@@ -25,12 +25,47 @@
     echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
 
 CVE-2017-5669
+
+    Gareth Evans reported that privileged users can map memory at
+    address 0 through the shmat() system call. This could make it
+    easier to exploit other kernel security vulnerabilities via a
+    set-UID program.
+
 CVE-2017-5986
+
+    Alexander Popov reported a race condition in the SCTP
+    implementation that can be used by local users to cause a
+    denial-of-service (crash). The initial fix for this was incorrect
+    and introduced further security issues (CVE-2017-6353). This
+    update includes a later fix that avoids those. On systems that do
+    not already have the sctp module loaded, this can be mitigated by
+    disabling it:
+    echo >> /etc/modprobe.d/disable-sctp.conf install sctp false
+
 CVE-2017-6214
+
+    Dmitry Vyukov reported a bug in the TCP implementation's handling
+    of urgent data in the splice() system call. This can be used by a
+    remote attacker for denial-of-service (hang) against applications
+    that read from TCP sockets with splice().
+
 CVE-2017-6345
+
+    Andrey Konovalov reported that the LLC type 2 implementation
+    incorrectly assigns socket buffer ownership. This can be used
+    by a local user to cause a denial-of-service (crash). On systems
+    that do not already have the llc2 module loaded, this can be
+    mitigated by disabling it:
+    echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false
+
 CVE-2017-6346
+
+    Dmitry Vyukov reported a race condition in the raw packet (af_packet)
+    fanout feature. Local users with the CAP_NET_RAW capability (in any
+    user namespace) can use this for denial-of-service and possibly for
+    privilege escalation.
+
 CVE-2017-6348
-CVE-2017-6353
 
 For the stable distribution (jessie), these problems have been fixed in
 version 3.16.39-1+deb8u2.
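
Review bot: CVE-2017-6348, the last heading in the list, still has no description, while every other entry touched here gets one; it needs text (or a clear pending marker) before this file is used as the advisory, so the heading is not published bare. Removing the CVE-2017-6353 heading also leaves that ID only in the parenthesis under CVE-2017-5986, so check that the advisory's CVE list still records it if this update is meant to be tracked as covering it. The two added mitigation commands (`echo >> /etc/modprobe.d/disable-sctp.conf install sctp false` and the llc2 equivalent) follow "disabling it:" with no blank line, so a reader's mail client that reflows the paragraph will fold the command into the prose; a blank line before each command would keep it copyable.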



