Home / vulnerabilitiesPDF  

Debian Security Advisory 3170-1

Posted on 27 February 2015
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1 security@debian.org
http://www.debian.org/security/ Ben Hutchings
February 23, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559
CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239
CVE-2015-1420 CVE-2015-1421 CVE-2015-1593

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, information leaks or privilege
escalation.

CVE-2013-7421 / CVE-2014-9644

It was discovered that the Crypto API allowed unprivileged users
to load arbitrary kernel modules. A local user can use this flaw
to exploit vulnerabilities in modules that would not normally be
loaded.

CVE-2014-7822

Akira Fujita found that the splice() system call did not validate
the given file offset and length. A local unprivileged user can use
this flaw to cause filesystem corruption on ext4 filesystems, or
possibly other effects.

CVE-2014-8160

Florian Westphal discovered that a netfilter (iptables/ip6tables) rule
accepting packets to a specific SCTP, DCCP, GRE or UDPlite
port/endpoint could result in incorrect connection tracking state.
If only the generic connection tracking module (nf_conntrack) was
loaded, and not the protocol-specific connection tracking module,
this would allow access to any port/endpoint of the specified
protocol.

CVE-2014-8559

It was found that kernel functions that iterate over a directory
tree can dead-lock or live-lock in case some of the directory
entries were recently deleted or dropped from the cache. A local
unprivileged user can use this flaw for denial of service.

CVE-2014-9585

Andy Lutomirski discovered that address randomisation for the vDSO
in 64-bit processes is extremely biased. A local unprivileged user
could potentially use this flaw to bypass the ASLR protection
mechanism.

CVE-2014-9683

Dmitry Chernenkov discovered that eCryptfs writes past the end of
the allocated buffer during encrypted filename decoding, resulting
in local denial of service.

CVE-2015-0239

It was found that KVM did not correctly emulate the x86 SYSENTER
instruction. An unprivileged user within a guest system that has
not enabled SYSENTER, for example because the emulated CPU vendor
is AMD, could potentially use this flaw to cause a denial of
service or privilege escalation in that guest.

CVE-2015-1420

It was discovered that the open_by_handle_at() system call reads
the handle size from user memory a second time after validating
it. A local user with the CAP_DAC_READ_SEARCH capability could use
this flaw for privilege escalation.

CVE-2015-1421

It was found that the SCTP implementation could free an
authentication state while it was still in use, resulting in heap
corruption. This could allow remote users to cause a denial of
service or privilege escalation.

CVE-2015-1593

It was found that address randomisation for the initial stack in
64-bit processes was limited to 20 rather than 22 bits of entropy.
A local unprivileged user could potentially use this flaw to
bypass the ASLR protection mechanism.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.65-1+deb7u2. Additionally this update fixes regressions
introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed
soon (a subset is fixed already).

For the unstable distribution (sid), these problems will be fixed soon
(a subset is fixed already).

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU62ZxAAoJEBDCk7bDfE42ii8P/0HlB7eLQP9bg46DAQfg6mzi
QrLP3IbL/T3xtE9mbNDYSJ+5ndKdDEwZ73iFt+2lWsBu9Xmyyq0866NWc054jIV7
hXrHb4gohrl1ZsShfPrq0ZwcMpg+nc9lLMTson2VXHDFV9LViI7NV1cjykQv+/FV
9n5sfzDhsSPaI8tjzy6AU0ThKTfGFDXK64zBHuKRRO1WSQwcFtdFs05R6BS5VWrT
wA/TT319syn9FCacMmnGkre00nCZyHsws4B2TAsiVdXPVeaOpHOxmRJIF+P6FOqE
kkj7uxdyc2xPCupVmQghv37cgI4hnEBiAMyr4GtyDqnSEKpLgDGtLmkzd1dxyh3t
teMIqbbvKpVqCeXnBbzWZzQBMNM8E9cx7tM0zxflc6GLMhenlTWqyDqLUPVxNnCW
j0M3nI55a7Tcn3cTOce5+HOGUUfMyHnM81tUP8akr9EkzL3PKDbE5099yD2USa3W
g4OLs6sm4YSrp0nGVvuFT5J/avrL3RtEojCc6oiHpKagjDj42B3hLPnea4fusdzd
Me0m3HSkOSi5Y/9Bi7imLIGwmDpb+p/OKXGWwKwEQc8yH/cx30my6VSX0V+3meNN
qv/aKaTZOEI35pS3qrC0EyP+J3bJbq0oKM/wce/lykXgeCQ+5yYZlN5wYbdelKiC
lP51Rd4fMF4PWh9NyqxG
=ICMx
-----END PGP SIGNATURE-----

 

TOP