linux - security update

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, unauthorised
information disclosure or unauthorised information modification.

• CVE-2015-2925
  Jann Horn discovered that when a subdirectory of a filesystem was
  bind-mounted into a chroot or mount namespace, a user that should
  be confined to that chroot or namespace could access the whole of
  that filesystem if they had write permission on an ancestor of
  the subdirectory. This is not a common configuration for wheezy,
  and the issue has previously been fixed for jessie.
• CVE-2015-5257
  Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
  device could cause a denial of service (crash) by imitating a
  Whiteheat USB serial device but presenting a smaller number of
  endpoints.
• CVE-2015-5283
  Marcelo Ricardo Leitner discovered that creating multiple SCTP
  sockets at the same time could cause a denial of service (crash)
  if the sctp module had not previously been loaded. This issue
  only affects jessie.
• CVE-2015-7613
  Dmitry Vyukov discovered that System V IPC objects (message queues
  and shared memory segments) were made accessible before their
  ownership and other attributes were fully initialised. If a local
  user can race against another user or service creating a new IPC
  object, this may result in unauthorised information disclosure,
  unauthorised information modification, denial of service and/or
  privilege escalation.

A similar issue existed with System V semaphore arrays, but was
less severe because they were always cleared before being fully
initialised.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.2.68-1+deb7u5.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt11-1+deb8u5.

For the unstable distribution (sid), these problems have been fixed in
version 4.2.3-1 or earlier versions.

We recommend that you upgrade your linux packages.