Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-439-1:BED7A
HistoryFeb 29, 2016 - 6:43 p.m.

[SECURITY] [DLA 439-1] linux-2.6 security update

2016-02-2918:43:11
lists.debian.org
26

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

Package        : linux-2.6
Version        : 2.6.32-48squeeze20
CVE ID         : CVE-2015-8812 CVE-2016-0774 CVE-2016-2384

This update fixes the CVEs described below.

CVE-2015-8812

A flaw was found in the iw_cxgb3 Infiniband driver.  Whenever it
    could not send a packet because the network was congested, it
    would free the packet buffer but later attempt to send the packet
    again.  This use-after-free could result in a denial of service
    (crash or hang), data loss or privilege escalation.

CVE-2016-0774

It was found that the fix for CVE-2015-1805 in kernel versions
    older than Linux 3.16 did not correctly handle the case of a
    partially failed atomic read.  A local, unprivileged user could
    use this flaw to crash the system or leak kernel memory to user
    space.

CVE-2016-2384

Andrey Konovalov found that a USB MIDI device with an invalid USB
    descriptor could trigger a double-free.  This may be used by a
    physically present user for privilege escalation.

Additionally, it fixes some old security issues with no CVE ID:

Several kernel APIs permitted reading or writing 2 GiB of data or
    more in a single chunk, which could lead to an integer overflow
    when applied to certain filesystems, socket or device types.  The
    full security impact has not been evaluated.

Finally, it fixes a regression in 2.6.32-48squeeze17 that would cause
Samba to hang in some situations.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze20.  This is really the final
update to the linux-2.6 package for squeeze.

For the oldstable distribution (wheezy), the kernel was not affected
by the integer overflow issues and the remaining problems will be
fixed in version 3.2.73-2+deb7u3.

For the stable distribution (jessie), the kernel was not affected by
the integer overflow issues or CVE-2016-0774, and the remaining
problems will be fixed in version 3.16.7-ckt20-1+deb8u4.


Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian6i386linux-headers-2.6.32-5-common-vserver< 2.6.32-48squeeze20linux-headers-2.6.32-5-common-vserver_2.6.32-48squeeze20_i386.deb
Debian6i386linux-image-2.6.32-5-486< 2.6.32-48squeeze20linux-image-2.6.32-5-486_2.6.32-48squeeze20_i386.deb
Debian6alllinux-doc-2.6.32< 2.6.32-48squeeze20linux-doc-2.6.32_2.6.32-48squeeze20_all.deb
Debian6i386linux-headers-2.6.32-5-686< 2.6.32-48squeeze20linux-headers-2.6.32-5-686_2.6.32-48squeeze20_i386.deb
Debian6amd64linux-headers-2.6.32-5-all-amd64< 2.6.32-48squeeze20linux-headers-2.6.32-5-all-amd64_2.6.32-48squeeze20_amd64.deb
Debian6amd64linux-image-2.6.32-5-vserver-amd64< 2.6.32-48squeeze20linux-image-2.6.32-5-vserver-amd64_2.6.32-48squeeze20_amd64.deb
Debian6i386linux-image-2.6.32-5-xen-686-dbg< 2.6.32-48squeeze20linux-image-2.6.32-5-xen-686-dbg_2.6.32-48squeeze20_i386.deb
Debian6i386linux-headers-2.6.32-5-486< 2.6.32-48squeeze20linux-headers-2.6.32-5-486_2.6.32-48squeeze20_i386.deb
Debian6amd64linux-headers-2.6.32-5-common-vserver< 2.6.32-48squeeze20linux-headers-2.6.32-5-common-vserver_2.6.32-48squeeze20_amd64.deb
Debian6amd64linux-image-2.6.32-5-amd64-dbg< 2.6.32-48squeeze20linux-image-2.6.32-5-amd64-dbg_2.6.32-48squeeze20_amd64.deb
Rows per page:
1-10 of 581

Related

osv 3
openvas 42
nessus 47
suse 15
redhat 10
centos 3
prion 4
cve 4
f5 7
ubuntucve 4
nvd 4
oraclelinux 8
debiancve 4
cvelist 4
fedora 3
veracode 2
android 2
threatpost 3
androidsecurity 1
packetstorm 1
zdt 1
ubuntu 14
exploitpack 1
exploitdb 1
thn 2
seebug 1
debian 4
securityvulns 2
cloudfoundry 1
amazon 1
osv
osv
linux-2.6 - security update
2016-02-29 00:00:00
linux - security update
2016-03-03 00:00:00
linux - security update
2015-06-18 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-439-1)
2023-03-08 00:00:00
Oracle: Security Advisory (ELSA-2016-3528)
2016-03-31 00:00:00
CentOS Update for kernel CESA-2016:0494 centos6
2016-03-24 00:00:00
nessus
nessus
Debian DLA-439-1 : linux-2.6 security update
2016-03-01 00:00:00
CentOS 6 : kernel (CESA-2016:0494)
2016-03-24 00:00:00
F5 Networks BIG-IP : Linux kernel vulnerability (K08440897)
2016-09-02 00:00:00
suse
suse
Security update for Linux Kernel Live Patch 10 (important)
2016-04-15 15:08:00
Security update for Linux Kernel Live Patch 5 (important)
2016-04-15 15:08:50
Security update for Linux Kernel Live Patch 8 (important)
2016-04-14 20:11:21
redhat
redhat
(RHSA-2016:0494) Moderate: kernel security, bug fix, and enhancement update
2016-03-22 00:00:00
(RHSA-2016:0617) Moderate: kernel security and bug fix update
2016-04-12 00:00:00
(RHSA-2016:0103) Important: kernel security, bug fix, and enhancement update
2016-02-02 16:05:39
centos
centos
kernel, perf, python security update
2016-03-23 13:20:33
kernel security update
2015-06-03 01:55:17
kernel, perf, python security update
2015-06-10 09:06:44
prion
prion
Design/Logic Flaw
2016-04-27 17:59:00
Design/Logic Flaw
2016-04-27 17:59:00
Design/Logic Flaw
2015-08-08 10:59:00
cve
cve
CVE-2016-0774
2016-04-27 17:59:06
CVE-2015-8812
2016-04-27 17:59:02
CVE-2016-2384
2016-04-27 17:59:11
f5
f5
K08440897 : Linux kernel vulnerability CVE-2016-0774
2016-07-13 00:00:00
SOL80758444 - Linux kernel vulnerability CVE-2015-8812
2016-06-17 00:00:00
K80758444 : Linux kernel vulnerability CVE-2015-8812
2016-06-17 00:00:00
ubuntucve
ubuntucve
CVE-2016-0774
2016-04-27 00:00:00
CVE-2015-8812
2015-12-31 00:00:00
CVE-2015-1805
2015-06-03 00:00:00
nvd
nvd
CVE-2016-0774
2016-04-27 17:59:06
CVE-2015-8812
2016-04-27 17:59:02
CVE-2015-1805
2015-08-08 10:59:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-03-23 00:00:00
kernel security and bug fix update
2015-06-03 00:00:00
kernel security and bug fix update
2015-06-02 00:00:00
debiancve
debiancve
CVE-2016-0774
2016-04-27 17:59:06
CVE-2015-8812
2016-04-27 17:59:02
CVE-2015-1805
2015-08-08 10:59:00
cvelist
cvelist
CVE-2016-0774
2016-04-27 17:00:00
CVE-2015-8812
2016-04-27 17:00:00
CVE-2015-1805
2015-08-08 10:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.4.2-301.fc23
2016-02-28 12:28:05
[SECURITY] Fedora 22 Update: kernel-4.3.6-201.fc22
2016-02-28 08:29:55
[SECURITY] Fedora 22 Update: kernel-4.4.3-201.fc22
2016-03-05 01:20:44
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:06:06
Denial Of Service (DoS)
2019-05-02 05:51:58
android
android
pipe inatomic
2015-06-06 00:00:00
CVE-2015-1805
2016-04-02 00:00:00
threatpost
threatpost
Android Rooting Application Emergency Patch
2016-03-23 07:00:46
April 2016 Google Android Nexus Security Bulletin
2016-04-04 14:00:22
Google Detects and Boots Tizi Spyware Off Google Play
2017-11-28 12:40:09
androidsecurity
androidsecurity
Android Security Advisory&hairsp;—&hairsp;2016-03-18
2016-03-18 00:00:00
packetstorm
packetstorm
Linux Kernel 3.x usb-midi Local Privilege Escalation
2017-05-12 00:00:00
zdt
zdt
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege
2017-05-14 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2016-03-14 00:00:00
Linux kernel (OMAP4) vulnerability
2016-03-14 00:00:00
Linux kernel vulnerabilities
2015-07-23 00:00:00
exploitpack
exploitpack
Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
2016-02-22 00:00:00
exploitdb
exploitdb
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
2016-02-22 00:00:00
thn
thn
First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
2017-09-26 02:52:00
This New Android Malware Can Gain Root Access to Your Smartphones
2021-10-29 13:48:00
seebug
seebug
Linux kernel local privilege escalation flaw in n_hdlc(CVE-2017-2636)
2017-03-09 00:00:00
debian
debian
[SECURITY] [DSA 3503-1] linux security update
2016-03-03 20:56:20
[SECURITY] [DSA 3503-1] linux security update
2016-03-03 20:56:20
[SECURITY] [DSA 3290-1] linux security update
2015-06-18 06:58:51
securityvulns
securityvulns
[SECURITY] [DSA 3290-1] linux security update
2015-06-21 00:00:00
Linux kernel security vulnerabilities
2015-06-21 00:00:00
cloudfoundry
cloudfoundry
USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
amazon
amazon
Medium: kernel
2015-07-22 10:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON
Related for DEBIAN:DLA-439-1:BED7A
osv3openvas42nessus47suse15redhat10centos3prion4cve4f57ubuntucve4nvd4oraclelinux8debiancve4cvelist4fedora3veracode2android2threatpost3androidsecurity1packetstorm1zdt1ubuntu14exploitpack1exploitdb1thn2seebug1debian4securityvulns2cloudfoundry1amazon1