Lucene search

DebianDEBIAN:DLA-833-1:91DAA

HistoryFeb 22, 2017 - 7:45 p.m.

[SECURITY] [DLA 833-1] linux security update

2017-02-2219:45:23

lists.debian.org

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Package : linux
Version : 3.2.84-2
CVE ID : CVE-2014-9888 CVE-2014-9895 CVE-2016-6786 CVE-2016-6787
CVE-2016-8405 CVE-2017-5549 CVE-2017-6001 CVE-2017-6074

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

CVE-2014-9888

Russell King found that on ARM systems, memory allocated for DMA
buffers was mapped with executable permission.  This made it
easier to exploit other vulnerabilities in the kernel.

CVE-2014-9895

Dan Carpenter found that the MEDIA_IOC_ENUM_LINKS ioctl on media
devices resulted in an information leak.

CVE-2016-6786 / CVE-2016-6787

It was discovered that the performance events subsystem does not
properly manage locks during certain migrations, allowing a local
attacker to escalate privileges.  This can be mitigated by
disabling unprivileged use of performance events:
sysctl kernel.perf_event_paranoid=3

CVE-2016-8405

Peter Pi of Trend Micro discovered that the frame buffer video
subsystem does not properly check bounds while copying color maps to
userspace, causing a heap buffer out-of-bounds read, leading to
information disclosure.

CVE-2017-5549

It was discovered that the KLSI KL5KUSB105 serial USB device
driver could log the contents of uninitialised kernel memory,
resulting in an information leak.

CVE-2017-6001

Di Shen discovered a race condition between concurrent calls to
the performance events subsystem, allowing a local attacker to
escalate privileges. This flaw exists because of an incomplete fix
of CVE-2016-6786.  This can be mitigated by disabling unprivileged
use of performance events: sysctl kernel.perf_event_paranoid=3

CVE-2017-6074

Andrey Konovalov discovered a use-after-free vulnerability in the
DCCP networking code, which could result in denial of service or
local privilege escalation.  On systems that do not already have
the dccp module loaded, this can be mitigated by disabling it:
echo &gt;&gt; /etc/modprobe.d/disable-dccp.conf install dccp false

For Debian 7 "Wheezy", these problems have been fixed in version
3.2.84-2.

For Debian 8 "Jessie", these problems have been fixed in version
3.16.39-1+deb8u1 or earlier.

We recommend that you upgrade your linux packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–
Ben Hutchings - Debian developer, member of kernel, installer and LTS teamsAttachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian7armelnic-shared-modules-3.2.0-4-iop32x-di< 3.2.84-2nic-shared-modules-3.2.0-4-iop32x-di_3.2.84-2_armel.deb
Debian8amd64usb-modules-3.16.0-4-amd64-di< 3.16.39-1+deb8u1usb-modules-3.16.0-4-amd64-di_3.16.39-1+deb8u1_amd64.deb
Debian7i386sata-modules-3.2.0-4-486-di< 3.2.84-2sata-modules-3.2.0-4-486-di_3.2.84-2_i386.deb
Debian8mipselaffs-modules-3.16.0-4-loongson-2e-di< 3.16.39-1+deb8u1affs-modules-3.16.0-4-loongson-2e-di_3.16.39-1+deb8u1_mipsel.deb
Debian8mipselkernel-image-3.16.0-4-sb1-bcm91250a-di< 3.16.39-1+deb8u1kernel-image-3.16.0-4-sb1-bcm91250a-di_3.16.39-1+deb8u1_mipsel.deb
Debian8amd64sound-modules-3.16.0-4-amd64-di< 3.16.39-1+deb8u1sound-modules-3.16.0-4-amd64-di_3.16.39-1+deb8u1_amd64.deb
Debian8amd64linux-libc-dev< 3.16.39-1+deb8u1linux-libc-dev_3.16.39-1+deb8u1_amd64.deb
Debian8ppc64elisofs-modules-3.16.0-4-powerpc64le-di< 3.16.39-1+deb8u1isofs-modules-3.16.0-4-powerpc64le-di_3.16.39-1+deb8u1_ppc64el.deb
Debian8mipselzlib-modules-3.16.0-4-4kc-malta-di< 3.16.39-1+deb8u1zlib-modules-3.16.0-4-4kc-malta-di_3.16.39-1+deb8u1_mipsel.deb
Debian8mipsxfs-modules-3.16.0-4-4kc-malta-di< 3.16.39-1+deb8u1xfs-modules-3.16.0-4-4kc-malta-di_3.16.39-1+deb8u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armel	nic-shared-modules-3.2.0-4-iop32x-di	< 3.2.84-2	nic-shared-modules-3.2.0-4-iop32x-di_3.2.84-2_armel.deb
Debian	8	amd64	usb-modules-3.16.0-4-amd64-di	< 3.16.39-1+deb8u1	usb-modules-3.16.0-4-amd64-di_3.16.39-1+deb8u1_amd64.deb
Debian	7	i386	sata-modules-3.2.0-4-486-di	< 3.2.84-2	sata-modules-3.2.0-4-486-di_3.2.84-2_i386.deb
Debian	8	mipsel	affs-modules-3.16.0-4-loongson-2e-di	< 3.16.39-1+deb8u1	affs-modules-3.16.0-4-loongson-2e-di_3.16.39-1+deb8u1_mipsel.deb
Debian	8	mipsel	kernel-image-3.16.0-4-sb1-bcm91250a-di	< 3.16.39-1+deb8u1	kernel-image-3.16.0-4-sb1-bcm91250a-di_3.16.39-1+deb8u1_mipsel.deb
Debian	8	amd64	sound-modules-3.16.0-4-amd64-di	< 3.16.39-1+deb8u1	sound-modules-3.16.0-4-amd64-di_3.16.39-1+deb8u1_amd64.deb
Debian	8	amd64	linux-libc-dev	< 3.16.39-1+deb8u1	linux-libc-dev_3.16.39-1+deb8u1_amd64.deb
Debian	8	ppc64el	isofs-modules-3.16.0-4-powerpc64le-di	< 3.16.39-1+deb8u1	isofs-modules-3.16.0-4-powerpc64le-di_3.16.39-1+deb8u1_ppc64el.deb
Debian	8	mipsel	zlib-modules-3.16.0-4-4kc-malta-di	< 3.16.39-1+deb8u1	zlib-modules-3.16.0-4-4kc-malta-di_3.16.39-1+deb8u1_mipsel.deb
Debian	8	mips	xfs-modules-3.16.0-4-4kc-malta-di	< 3.16.39-1+deb8u1	xfs-modules-3.16.0-4-4kc-malta-di_3.16.39-1+deb8u1_mips.deb