linux-2.6 - security update


This update fixes the CVEs described below.

* [CVE-2013-7446](https://security-tracker.debian.org/tracker/CVE-2013-7446) Dmitry Vyukov discovered that a particular sequence of valid operations on local (AF\_UNIX) sockets can result in a use-after-free. This may be used to cause a denial of service (crash) or possibly for privilege escalation.
* [CVE-2015-7799](https://security-tracker.debian.org/tracker/CVE-2015-7799) 郭永刚 discovered that a user granted access to /dev/ppp can cause a denial of service (crash) by passing invalid parameters to the PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.
* [CVE-2015-7833](https://security-tracker.debian.org/tracker/CVE-2015-7833) Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a flaw in the processing of certain USB device descriptors in the usbvision driver. An attacker with physical access to the system can use this flaw to crash the system.
* [CVE-2015-7990](https://security-tracker.debian.org/tracker/CVE-2015-7990) It was discovered that the fix for [CVE-2015-6937](https://security-tracker.debian.org/tracker/CVE-2015-6937) was incomplete. A race condition when sending a message on an unbound socket can still cause a NULL pointer dereference. A remote attacker might be able to cause a denial of service (crash) by sending a crafted packet.
* [CVE-2015-8324](https://security-tracker.debian.org/tracker/CVE-2015-8324) Valintinr reported that an attempt to mount a corrupted ext4 filesystem may result in a kernel panic. A user permitted to mount filesystems could use this flaw to crash the system.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze17. We recommend that you upgrade your linux-2.6 packages.

For the oldstable (wheezy) and stable (jessie) distributions, [CVE-2015-7833](https://security-tracker.debian.org/tracker/CVE-2015-7833), [CVE-2015-7990](https://security-tracker.debian.org/tracker/CVE-2015-7990) and [CVE-2015-8324](https://security-tracker.debian.org/tracker/CVE-2015-8324) have been fixed and the other issues will be fixed soon.

Affected Software

| CPE Name | Name | Version |
| --- | --- | --- |
| | linux-2.6 | 2.6.32-48squeeze16 |
| | linux-2.6 | 2.6.32-48 |
| | linux-2.6 | 2.6.32-30 |
| | linux-2.6 | 2.6.32-48squeeze10 |
| | linux-2.6 | 2.6.32-39 |
| | linux-2.6 | 2.6.32-32 |
| | linux-2.6 | 2.6.32-41squeeze2 |
| | linux-2.6 | 2.6.32-41 |
| | linux-2.6 | 2.6.32-43 |
| | linux-2.6 | 2.6.32-48squeeze13 |
| | linux-2.6 | 2.6.32-44 |
| | linux-2.6 | 2.6.32-36 |
| | linux-2.6 | 2.6.32-48squeeze14 |
| | linux-2.6 | 2.6.32-48squeeze4 |
| | linux-2.6 | 2.6.32-38 |
| | linux-2.6 | 2.6.32-47 |
| | linux-2.6 | 2.6.32-40 |
| | linux-2.6 | 2.6.32-48squeeze5 |
| | linux-2.6 | 2.6.32-48squeeze11 |
| | linux-2.6 | 2.6.32-46 |
| | linux-2.6 | 2.6.32-48squeeze9 |
| | linux-2.6 | 2.6.32-34 |
| | linux-2.6 | 2.6.32-35squeeze1 |
| | linux-2.6 | 2.6.32-45 |
| | linux-2.6 | 2.6.32-35 |
| | linux-2.6 | 2.6.32-48squeeze1 |
| | linux-2.6 | 2.6.32-46squeeze1 |
| | linux-2.6 | 2.6.32-39squeeze1 |
| | linux-2.6 | 2.6.32-48squeeze3 |
| | linux-2.6 | 2.6.32-35~bpo50+1 |
| | linux-2.6 | 2.6.32-48squeeze6 |
| | linux-2.6 | 2.6.32-34squeeze1 |
| | linux-2.6 | 2.6.32-35squeeze2 |
| | linux-2.6 | 2.6.32-31~bpo50+1 |
| | linux-2.6 | 2.6.32-31 |
| | linux-2.6 | 2.6.32-37 |
| | linux-2.6 | 2.6.32-33 |
| | linux-2.6 | 2.6.32-48squeeze7 |
| | linux-2.6 | 2.6.32-48squeeze8 |
| | linux-2.6 | 2.6.32-48squeeze12 |
| | linux-2.6 | 2.6.32-30+m68k.5 |
| | linux-2.6 | 2.6.32-42 |