linux - security update

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or information leaks.

• CVE-2013-6885
  It was discovered that under specific circumstances, a combination
  of write operations to write-combined memory and locked CPU
  instructions may cause a core hang on AMD 16h 00h through 0Fh
  processors. A local user can use this flaw to mount a denial of
  service (system hang) via a crafted application.

For more information please refer to the AMD CPU erratum 793 in
<http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf&gt;

• CVE-2014-8133
  It was found that the espfix funcionality can be bypassed by
  installing a 16-bit RW data segment into GDT instead of LDT (which
  espfix checks for) and using it for stack. A local unprivileged user
  could potentially use this flaw to leak kernel stack addresses and
  thus allowing to bypass the ASLR protection mechanism.
• CVE-2014-9419
  It was found that on Linux kernels compiled with the 32 bit
  interfaces (CONFIG_X86_32) a malicious user program can do a
  partial ASLR bypass through TLS base addresses leak when attacking
  other programs.
• CVE-2014-9529
  It was discovered that the Linux kernel is affected by a race
  condition flaw when doing key garbage collection, allowing local
  users to cause a denial of service (memory corruption or panic).
• CVE-2014-9584
  It was found that the Linux kernel does not validate a length value
  in the Extensions Reference (ER) System Use Field, which allows
  local users to obtain sensitive information from kernel memory via a
  crafted iso9660 image.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume
regression introduced with 3.2.65.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.