[SECURITY] [DLA 310-1] linux-2.6 security update

2015-09-2121:07:12

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.399 Low

EPSS

Percentile

97.2%

JSON

Package : linux-2.6
Version : 2.6.32-48squeeze14
CVE ID : CVE-2015-0272 CVE-2015-5156 CVE-2015-5364 CVE-2015-5366
CVE-2015-5697 CVE-2015-5707 CVE-2015-6937

This update fixes the CVEs described below.

CVE-2015-0272

It was discovered that NetworkManager would set IPv6 MTUs based on
the values received in IPv6 RAs (Router Advertisements), without
sufficiently validating these values.  A remote attacker could
exploit this attack to disable IPv6 connectivity.  This has been
mitigated by adding validation in the kernel.

CVE-2015-5156

Jason Wang discovered that when a virtio_net device is connected
to a bridge in the same VM, a series of TCP packets forwarded
through the bridge may cause a heap buffer overflow.  A remote
attacker could use this to cause a denial of service (crash) or
possibly for privilege escalation.

CVE-2015-5364

It was discovered that the Linux kernel does not properly handle
invalid UDP checksums. A remote attacker could exploit this flaw to
cause a denial of service using a flood of UDP packets with invalid
checksums.

CVE-2015-5366

It was discovered that the Linux kernel does not properly handle
invalid UDP checksums. A remote attacker can cause a denial of
service against applications that use epoll by injecting a single
packet with an invalid checksum.

CVE-2015-5697

A flaw was discovered in the md driver in the Linux kernel leading
to an information leak.

CVE-2015-5707

An integer overflow in the SCSI generic driver in the Linux kernel
was discovered. A local user with write permission on a SCSI generic
device could potentially exploit this flaw for privilege escalation.

CVE-2015-6937

It was found that the Reliable Datagram Sockets (RDS) protocol
implementation did not verify that an underlying transport exists
when creating a connection.  Depending on how a local RDS
application initialised its sockets, a remote attacker might be
able to cause a denial of service (crash) by sending a crafted
packet.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze14.

For the oldstable distribution (wheezy), these problems have been
fixed in version 3.2.68-1+deb7u4 or earlier.

For the stable distribution (jessie), these problems have been fixed
in version 3.16.7-ckt11-1+deb8u4 or earlier.

–
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian8mipselinput-modules-3.16.0-4-loongson-2e-di< 3.16.7-ckt11-1+deb8u2input-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt11-1+deb8u2_mipsel.deb
Debian8amd64jfs-modules-3.16.0-4-amd64-di< 3.16.7-ckt11-1+deb8u2jfs-modules-3.16.0-4-amd64-di_3.16.7-ckt11-1+deb8u2_amd64.deb
Debian7s390linux-headers-3.2.0-4-s390x< 3.2.68-1+deb7u3linux-headers-3.2.0-4-s390x_3.2.68-1+deb7u3_s390.deb
Debian8mipselcdrom-core-modules-3.16.0-4-4kc-malta-di< 3.16.7-ckt11-1+deb8u2cdrom-core-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt11-1+deb8u2_mipsel.deb
Debian8arm64nic-shared-modules-3.16.0-4-arm64-di< 3.16.7-ckt11-1+deb8u2nic-shared-modules-3.16.0-4-arm64-di_3.16.7-ckt11-1+deb8u2_arm64.deb
Debian7armhfmd-modules-3.2.0-4-vexpress-di< 3.2.68-1+deb7u3md-modules-3.2.0-4-vexpress-di_3.2.68-1+deb7u3_armhf.deb
Debian7alllinux< 3.2.68-1+deb7u3linux_3.2.68-1+deb7u3_all.deb
Debian7i386uinput-modules-3.2.0-4-686-pae-di< 3.2.68-1+deb7u3uinput-modules-3.2.0-4-686-pae-di_3.2.68-1+deb7u3_i386.deb
Debian7armhfnbd-modules-3.2.0-4-vexpress-di< 3.2.68-1+deb7u3nbd-modules-3.2.0-4-vexpress-di_3.2.68-1+deb7u3_armhf.deb
Debian8powerpcudf-modules-3.16.0-4-powerpc64-di< 3.16.7-ckt11-1+deb8u2udf-modules-3.16.0-4-powerpc64-di_3.16.7-ckt11-1+deb8u2_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	mipsel	input-modules-3.16.0-4-loongson-2e-di	< 3.16.7-ckt11-1+deb8u2	input-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt11-1+deb8u2_mipsel.deb
Debian	8	amd64	jfs-modules-3.16.0-4-amd64-di	< 3.16.7-ckt11-1+deb8u2	jfs-modules-3.16.0-4-amd64-di_3.16.7-ckt11-1+deb8u2_amd64.deb
Debian	7	s390	linux-headers-3.2.0-4-s390x	< 3.2.68-1+deb7u3	linux-headers-3.2.0-4-s390x_3.2.68-1+deb7u3_s390.deb
Debian	8	mipsel	cdrom-core-modules-3.16.0-4-4kc-malta-di	< 3.16.7-ckt11-1+deb8u2	cdrom-core-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt11-1+deb8u2_mipsel.deb
Debian	8	arm64	nic-shared-modules-3.16.0-4-arm64-di	< 3.16.7-ckt11-1+deb8u2	nic-shared-modules-3.16.0-4-arm64-di_3.16.7-ckt11-1+deb8u2_arm64.deb
Debian	7	armhf	md-modules-3.2.0-4-vexpress-di	< 3.2.68-1+deb7u3	md-modules-3.2.0-4-vexpress-di_3.2.68-1+deb7u3_armhf.deb
Debian	7	all	linux	< 3.2.68-1+deb7u3	linux_3.2.68-1+deb7u3_all.deb
Debian	7	i386	uinput-modules-3.2.0-4-686-pae-di	< 3.2.68-1+deb7u3	uinput-modules-3.2.0-4-686-pae-di_3.2.68-1+deb7u3_i386.deb
Debian	7	armhf	nbd-modules-3.2.0-4-vexpress-di	< 3.2.68-1+deb7u3	nbd-modules-3.2.0-4-vexpress-di_3.2.68-1+deb7u3_armhf.deb
Debian	8	powerpc	udf-modules-3.16.0-4-powerpc64-di	< 3.16.7-ckt11-1+deb8u2	udf-modules-3.16.0-4-powerpc64-di_3.16.7-ckt11-1+deb8u2_powerpc.deb