[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 310-1] linux-2.6 security update



Package        : linux-2.6
Version        : 2.6.32-48squeeze14
CVE ID         : CVE-2015-0272 CVE-2015-5156 CVE-2015-5364 CVE-2015-5366 
                 CVE-2015-5697 CVE-2015-5707 CVE-2015-6937

This update fixes the CVEs described below.

CVE-2015-0272

    It was discovered that NetworkManager would set IPv6 MTUs based on
    the values received in IPv6 RAs (Router Advertisements), without
    sufficiently validating these values.  A remote attacker could
    exploit this attack to disable IPv6 connectivity.  This has been
    mitigated by adding validation in the kernel.

CVE-2015-5156

    Jason Wang discovered that when a virtio_net device is connected
    to a bridge in the same VM, a series of TCP packets forwarded
    through the bridge may cause a heap buffer overflow.  A remote
    attacker could use this to cause a denial of service (crash) or
    possibly for privilege escalation.

CVE-2015-5364

    It was discovered that the Linux kernel does not properly handle
    invalid UDP checksums. A remote attacker could exploit this flaw to
    cause a denial of service using a flood of UDP packets with invalid
    checksums.

CVE-2015-5366

    It was discovered that the Linux kernel does not properly handle
    invalid UDP checksums. A remote attacker can cause a denial of
    service against applications that use epoll by injecting a single
    packet with an invalid checksum.

CVE-2015-5697

    A flaw was discovered in the md driver in the Linux kernel leading
    to an information leak.

CVE-2015-5707

    An integer overflow in the SCSI generic driver in the Linux kernel
    was discovered. A local user with write permission on a SCSI generic
    device could potentially exploit this flaw for privilege escalation.

CVE-2015-6937

    It was found that the Reliable Datagram Sockets (RDS) protocol
    implementation did not verify that an underlying transport exists
    when creating a connection.  Depending on how a local RDS
    application initialised its sockets, a remote attacker might be
    able to cause a denial of service (crash) by sending a crafted
    packet.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze14.

For the oldstable distribution (wheezy), these problems have been
fixed in version 3.2.68-1+deb7u4 or earlier.

For the stable distribution (jessie), these problems have been fixed
in version 3.16.7-ckt11-1+deb8u4 or earlier.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams


Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: