Debian Security Advisory

DLA-439-1 linux-2.6 -- LTS security update

Date Reported:

29 Feb 2016

Affected Packages:

linux-2.6

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-8812, CVE-2016-0774, CVE-2016-2384.

More information:

This update fixes the CVEs described below.

CVE-2015-8812
A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation.
CVE-2016-0774
It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.
CVE-2016-2384
Andrey Konovalov found that a USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation.

Additionally, it fixes some old security issues with no CVE ID:

Several kernel APIs permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated.

Finally, it fixes a regression in 2.6.32-48squeeze17 that would cause Samba to hang in some situations.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze20. This is *really* the final update to the linux-2.6 package for squeeze.

For the oldstable distribution (wheezy), the kernel was not affected by the integer overflow issues and the remaining problems will be fixed in version 3.2.73-2+deb7u3.

For the stable distribution (jessie), the kernel was not affected by the integer overflow issues or CVE-2016-0774, and the remaining problems will be fixed in version 3.16.7-ckt20-1+deb8u4.