[SECURITY] [DLA 439-1] linux-2.6 security update

2016-02-29T19:24:36
ID DEBIAN:DLA-439-1:BED7A
Type debian
Reporter Debian
Modified 2016-02-29T19:24:36

Description

Package        : linux-2.6
Version        : 2.6.32-48squeeze20
CVE ID         : CVE-2015-8812 CVE-2016-0774 CVE-2016-2384

This update fixes the CVEs described below.

CVE-2015-8812

A flaw was found in the iw_cxgb3 Infiniband driver.  Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again.  This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation.

CVE-2016-0774

It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read.  A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.

CVE-2016-2384

Andrey Konovalov found that a USB MIDI device with an invalid USB descriptor could trigger a double-free.  This may be used by a physically present user for privilege escalation.

Additionally, it fixes some old security issues with no CVE ID:

Several kernel APIs permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types.  The full security impact has not been evaluated.
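The overflow class described above, as an added illustration (not code from this update or from the kernel): a request of 2 GiB or more goes negative once a handler narrows it to a signed int, and capping the count in the generic layer prevents that. The backend, its buffer size and the page size are assumptions; the cap is modelled on mainline Linux's MAX_RW_COUNT.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_PAGE_SIZE 4096u   /* assumed page size */
/* Largest page-aligned count that still fits in an int; mainline Linux
 * defines MAX_RW_COUNT the same way. */
#define DEMO_MAX_RW ((uint64_t)INT_MAX & ~(uint64_t)(DEMO_PAGE_SIZE - 1))
#define DEMO_BUF_SIZE 65536    /* hypothetical backend buffer size */

/* Hypothetical backend that keeps the request length in a signed int.
 * Returns 1 if its bounds check lets the request through, 0 if not. */
static int backend_accepts(int len)
{
    return len <= DEMO_BUF_SIZE;   /* a negative len passes this check */
}

/* Before: the caller's 64-bit count reaches the backend unchanged and is
 * narrowed to int on the way (wraps on the usual two's-complement ABIs). */
static int unclamped_accepts(uint64_t count)
{
    return backend_accepts((int)count);
}

/* After: the generic layer caps the count first, so the narrowed value
 * is always non-negative and the backend's check behaves as intended. */
static uint64_t clamp_count(uint64_t count)
{
    return count > DEMO_MAX_RW ? DEMO_MAX_RW : count;
}

static int clamped_accepts(uint64_t count)
{
    return backend_accepts((int)clamp_count(count));
}

int main(void)
{
    const uint64_t two_gib = (uint64_t)1 << 31;   /* constructed request size */
    printf("narrowed length:    %d\n", (int)two_gib);
    printf("unclamped accepted: %d\n", unclamped_accepts(two_gib));
    printf("clamped count:      %llu\n", (unsigned long long)clamp_count(two_gib));
    printf("clamped accepted:   %d\n", clamped_accepts(two_gib));
    return 0;
}
```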

Finally, it fixes a regression in 2.6.32-48squeeze17 that would cause Samba to hang in some situations.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze20.  This is really the final update to the linux-2.6 package for squeeze.

For the oldstable distribution (wheezy), the kernel was not affected by the integer overflow issues and the remaining problems will be fixed in version 3.2.73-2+deb7u3.

For the stable distribution (jessie), the kernel was not affected by the integer overflow issues or CVE-2016-0774, and the remaining problems will be fixed in version 3.16.7-ckt20-1+deb8u4.

-- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams