Debian Security Advisory

DSA-3128-1 linux -- security update

Date Reported:
15 Jan 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2013-6885, CVE-2014-8133, CVE-2014-9419, CVE-2014-9529, CVE-2014-9584.
More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.

  • CVE-2013-6885

    It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.

    For more information please refer to the AMD CPU erratum 793 in

  • CVE-2014-8133

    It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.

  • CVE-2014-9419

    It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.

  • CVE-2014-9529

    It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).

  • CVE-2014-9584

    It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume regression introduced with 3.2.65.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.