Debian Security Advisory
DLA-325-1 linux-2.6 -- LTS security update
- Date Reported:
- 12 Oct 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-2925, CVE-2015-5257, CVE-2015-7613.
- More information:
This update fixes the CVEs described below.
Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be confined to that chroot or namespace could access the whole of that filesystem if they had write permission on an ancestor of the subdirectory. This is not a common configuration for this kernel version.
Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB device could cause a denial of service (crash) by imitating a Whiteheat USB serial device but presenting a smaller number of endpoints.
Dmitry Vyukov discovered that System V IPC objects (message queues and shared memory segments) were made accessible before their ownership and other attributes were fully initialised. If a local user can race against another user or service creating a new IPC object, this may result in unauthorised information disclosure, unauthorised information modification, denial of service and/or privilege escalation.
A similar issue existed with System V semaphore arrays, but was less severe because they were always cleared before being fully initialised.
For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze16.
For the oldstable distribution (wheezy), these problems will be fixed in version 3.2.68-1+deb7u5.
For the stable distribution (jessie), these problems will be fixed in version 3.16.7-ckt11-1+deb8u5 or have been fixed earlier.