linux - security update

This update fixes the CVEs described below.

• CVE-2016-0821
  Solar Designer noted that the list poisoning feature, intended
  to mitigate the effects of bugs in list manipulation in the
  kernel, used poison values within the range of virtual addresses
  that can be allocated by user processes.
• CVE-2016-1583
  Jann Horn of Google Project Zero reported that the eCryptfs
  filesystem could be used together with the proc filesystem to
  cause a kernel stack overflow. If the ecryptfs-utils package was
  installed, local users could exploit this, via the
  mount.ecryptfs_private program, for denial of service (crash) or
  possibly for privilege escalation.
• CVE-2016-2184 /
  CVE-2016-2185 /
  CVE-2016-2186 /
  CVE-2016-2187 /
  CVE-2016-3136 /
  CVE-2016-3137 /
  CVE-2016-3138 /
  CVE-2016-3140
  Ralf Spenneberg of OpenSource Security reported that various USB
  drivers do not sufficiently validate USB descriptors. This
  allowed a physically present user with a specially designed USB
  device to cause a denial of service (crash). Not all the drivers
  have yet been fixed.
• CVE-2016-3134
  The Google Project Zero team found that the netfilter subsystem
  does not sufficiently validate filter table entries. A user with
  the CAP_NET_ADMIN capability could use this for denial of service
  (crash) or possibly for privilege escalation.
• CVE-2016-3157 / XSA-171

Andy Lutomirski discovered that the x86_64 (amd64) task switching
implementation did not correctly update the I/O permission level
when running as a Xen paravirtual (PV) guest. In some
configurations this would allow local users to cause a denial of
service (crash) or to escalate their privileges within the guest.

• CVE-2016-3672
  Hector Marco and Ismael Ripoll noted that it was still possible to
  disable Address Space Layout Randomisation (ASLR) for x86_32
  (i386) programs by removing the stack resource limit. This made
  it easier for local users to exploit security flaws in programs
  that have the setuid or setgid flag set.
• CVE-2016-3951
  It was discovered that the cdc_ncm driver would free memory
  prematurely if certain errors occurred during its initialisation.
  This allowed a physically present user with a specially designed
  USB device to cause a denial of service (crash) or possibly to
  escalate their privileges.
• CVE-2016-3955
  Ignat Korchagin reported that the usbip subsystem did not check
  the length of data received for a USB buffer. This allowed denial
  of service (crash) or privilege escalation on a system configured
  as a usbip client, by the usbip server or by an attacker able to
  impersonate it over the network. A system configured as a usbip
  server might be similarly vulnerable to physically present users.
• CVE-2016-3961 / XSA-174

Vitaly Kuznetsov of Red Hat discovered that Linux allowed use of
hugetlbfs on x86 (i386 and amd64) systems even when running as a
Xen paravirtualised (PV) guest, although Xen does not support huge
pages. This allowed users with access to /dev/hugepages to cause
a denial of service (crash) in the guest.

• CVE-2016-4482 /
  CVE-2016-4485 /
  CVE-2016-4486 /
  CVE-2016-4569 /
  CVE-2016-4578 /
  CVE-2016-4580 /
  CVE-2016-5243 /
  CVE-2016-5244
  Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA
  timer, x25, tipc, and rds facilities leaked information from the
  kernel stack.
• CVE-2016-4565
  Jann Horn of Google Project Zero reported that various components
  in the InfiniBand stack implemented unusual semantics for the
  write() operation. On a system with InfiniBand drivers loaded,
  local users could use this for denial of service or privilege
  escalation.
• CVE-2016-4913
  Al Viro found that the ISO9660 filesystem implementation did not
  correctly count the length of certain invalid name entries.
  Reading a directory containing such name entries would leak
  information from kernel memory. Users permitted to mount disks or
  disk images could use this to obtain sensitive information.

For Debian 7 Wheezy, these problems have been fixed in version
3.2.81-1.

This update also fixes bug #627782, which caused data corruption in
some applications running on an aufs filesystem, and includes many
other bug fixes from upstream stable updates 3.2.79, 3.2.80 and
3.2.81.

For Debian 8 Jessie, these problems will be fixed soon.

We recommend that you upgrade your linux packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;