This update fixes the CVEs described below.
A further issue, CVE-2014-9419, was considered, but appears to require
extensive changes with a consequent high risk of regression. It is
now unlikely to be fixed in squeeze-lts.
- CVE-2013-6885
It was discovered that under specific circumstances, a combination
of write operations to write-combined memory and locked CPU
instructions may cause a core hang on AMD 16h 00h through 0Fh
processors. A local user can use this flaw to mount a denial of
service (system hang) via a crafted application.
For more information please refer to the AMD CPU erratum 793 in
<http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf>
- CVE-2014-7822
It was found that the splice() system call did not validate the
given file offset and length. A local unprivileged user can use
this flaw to cause filesystem corruption on ext4 filesystems, or
possibly other effects.
- CVE-2014-8133
It was found that the espfix functionality can be bypassed by
installing a 16-bit RW data segment into GDT instead of LDT (which
espfix checks for) and using it for stack. A local unprivileged user
could potentially use this flaw to leak kernel stack addresses.
- CVE-2014-8134
It was found that the espfix functionality is wrongly disabled in
a 32-bit KVM guest. A local unprivileged user could potentially
use this flaw to leak kernel stack addresses.
- CVE-2014-8160
It was found that a netfilter (iptables or ip6tables) rule
accepting packets to a specific SCTP, DCCP, GRE or UDPlite
port/endpoint could result in incorrect connection tracking state.
If only the generic connection tracking module (nf_conntrack) was
loaded, and not the protocol-specific connection tracking module,
this would allow access to any port/endpoint of the specified
protocol.
- CVE-2014-9420
It was found that the ISO-9660 filesystem implementation (isofs)
follows arbitrarily long chains, including loops, of Continuation
Entries (CEs). This allows local users to mount a denial of
service via a crafted disc image.
- CVE-2014-9584
It was found that the ISO-9660 filesystem implementation (isofs)
does not validate a length value in the Extensions Reference (ER)
System Use Field, which allows local users to obtain sensitive
information from kernel memory via a crafted disc image.
- CVE-2014-9585
It was discovered that address randomisation for the vDSO in
64-bit processes is extremely biassed. A local unprivileged user
could potentially use this flaw to bypass the ASLR protection
mechanism.
- CVE-2015-1421
It was found that the SCTP implementation could free
authentication state while it was still in use, resulting in heap
corruption. This could allow remote users to cause a denial of
service or privilege escalation.
- CVE-2015-1593
It was found that address randomisation for the initial stack in
64-bit processes was limited to 20 rather than 22 bits of entropy.
A local unprivileged user could potentially use this flaw to
bypass the ASLR protection mechanism.
For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze11