Lucene search

K
osvGoogleOSV:DSA-3696-1
HistoryOct 19, 2016 - 12:00 a.m.

linux - security update

2016-10-1900:00:00
Google
osv.dev
29

0.879 High

EPSS

Percentile

98.7%

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

  • CVE-2015-8956
    It was discovered that missing input sanitising in RFCOMM Bluetooth
    socket handling may result in denial of service or information leak.
  • CVE-2016-5195
    It was discovered that a race condition in the memory management
    code can be used for local privilege escalation.
  • CVE-2016-7042
    Ondrej Kozina discovered that incorrect buffer allocation in the
    proc_keys_show() function may result in local denial of service.
  • CVE-2016-7425
    Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver
    which may result in local denial of service, or potentially,
    arbitrary code execution.

Additionally this update fixes a regression introduced in DSA-3616-1
causing iptables performance issues (cf. Debian Bug #831014).

For the stable distribution (jessie), these problems have been fixed in
version 3.16.36-1+deb8u2.

We recommend that you upgrade your linux packages.