Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-118-1 linux-2.6

Debian Security Advisory

DLA-118-1 linux-2.6 -- LTS security update

Date Reported:

21 Dec 2014

Affected Packages:

linux-2.6

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-3185, CVE-2014-3687, CVE-2014-3688, CVE-2014-6410, CVE-2014-7841, CVE-2014-8709, CVE-2014-8884.

More information:

Non-maintainer upload by the Squeeze LTS and Kernel Teams.

New upstream stable release 2.6.32.65, see http://lkml.org/lkml/2014/12/13/81 for more information.

The stable release 2.6.32.65 includes the following new commits compared to the previous 2.6.32-48squeeze9 package:

• USB: whiteheat: Added bounds checking for bulk command response (CVE-2014-3185)
• net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)
• net: sctp: fix remote memory pressure from excessive queueing (CVE-2014-3688)
• udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
• net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (CVE-2014-7841)
• mac80211: fix fragmentation code, particularly for encryption (CVE-2014-8709)
• ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)

We recommend that you upgrade your linux-2.6 packages.

We apologize for a minor cosmetic glitch:

The following commits were already included in 2.6.32-48squeeze9 despite claims in debian/changelog they were only fixed in 2.6.32-48squeez10:

• vlan: Don't propagate flag changes on down interfaces.
• sctp: Fix double-free introduced by bad backport in 2.6.32.62
• md/raid6: Fix misapplied backport in 2.6.32.64
• block: add missing blk_queue_dead() checks
• block: Fix blk_execute_rq_nowait() dead queue handling
• proc connector: Delete spurious memset in proc_exit_connector()