KernelCare Blog

Debian 7 & 8 kernels patched to latest with KernelCare

Debian 7 & 8 kernels patched to latest with KernelCare

Debian 7 kernels updated to linux-3.2.73-2+deb7u3

Debian 8 kernels updated to linux-3.16.7-ckt20-1+deb8u4
 
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare. conf will automatically update, and no action is needed for them.

You can manually update the server by running:

# /usr/bin/kcarectl --update
Changelog:
debian7:
  CVE-2015-7566: Ralf Spenneberg of OpenSource Security reported that the visor driver
    crashes when a specially crafted USB device without bulk-out endpoint is detected.
  CVE-2015-8767: An SCTP denial-of-service was discovered which can be triggered by
    a local attacker during a heartbeat timeout event after the 4-way handshake.
  CVE-2015-8785: It was discovered that local users permitted to write to a file on
    a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).
  CVE-2015-8812: A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could
    not send a packet because the network was congested, it would free the packet
    buffer but later attempt to send the packet again. This use-after-free could result
    in a denial of service (crash or hang), data loss or privilege escalation.
  CVE-2016-0723: A use-after-free vulnerability was discovered in the TIOCGETD ioctl.
    A local attacker could use this flaw for denial-of-service.
  CVE-2016-0774: It was found that the fix for CVE-2015-1805 in kernel versions older
    than Linux 3.16 did not correctly handle the case of a partially failed atomic
    read. A local, unprivileged user could use this flaw to crash the system or leak
    kernel memory to user space.
  CVE-2016-2069: Andy Lutomirski discovered a race condition in flushing of the TLB
    when switching tasks on an x86 system. On an SMP system this could possibly lead
    to a crash, information leak or privilege escalation.
  CVE-2016-2384: Andrey Konovalov found that a crafted USB MIDI device with an invalid
    USB descriptor could trigger a double-free. This may be used by a physically present
    user for privilege escalation.
  CVE-2016-2543: Dmitry Vyukov found that the core sound sequencer driver (snd-seq)
    lacked a necessary check for a null pointer, allowing a user with access to a
    sound sequencer device to cause a denial-of-service (crash).
  CVE-2016-2544: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2545: Dmitry Vyukov found a flaw in list manipulation in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use this
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2546: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2547: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2548: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2549: Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s
    use of high resolution timers. A user with access to sound devices could use this
    to cause a denial-of-service (hang).
  cvelist: [CVE-2015-7566, CVE-2015-8767, CVE-2015-8785, CVE-2015-8812, CVE-2016-0723,
    CVE-2016-0774, CVE-2016-2069, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545,
    CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549]
debian8:
  CVE-2015-8785: It was discovered that local users permitted to write to a file on
    a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).
  CVE-2015-8812: A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could
    not send a packet because the network was congested, it would free the packet
    buffer but later attempt to send the packet again. This use-after-free could result
    in a denial of service (crash or hang), data loss or privilege escalation.
  CVE-2015-8830: Ben Hawkes of Google Project Zero reported that the AIO interface
    permitted reading or writing 2 GiB of data or more in a single chunk, which could
    lead to an integer overflow when applied to certain filesystems, socket or device
    types. The full security impact has not been evaluated.
  CVE-2016-2069: Andy Lutomirski discovered a race condition in flushing of the TLB
    when switching tasks on an x86 system. On an SMP system this could possibly lead
    to a crash, information leak or privilege escalation.
  CVE-2016-2384: Andrey Konovalov found that a crafted USB MIDI device with an invalid
    USB descriptor could trigger a double-free. This may be used by a physically present
    user for privilege escalation.
  CVE-2016-2543: Dmitry Vyukov found that the core sound sequencer driver (snd-seq)
    lacked a necessary check for a null pointer, allowing a user with access to a
    sound sequencer device to cause a denial-of-service (crash).
  CVE-2016-2544: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2545: Dmitry Vyukov found a flaw in list manipulation in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use this
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2546: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2547: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2548: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2549: Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s
    use of high resolution timers. A user with access to sound devices could use this
    to cause a denial-of-service (hang).
  cvelist: [CVE-2015-8785, CVE-2015-8812, CVE-2015-8830, CVE-2016-2069, CVE-2016-2384,
    CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548,
    CVE-2016-2549]

Topic: KernelCare Blog

2960 people viewed this

Comments

 
No comments yet

Leave your comment

Guest, Thursday, 13 December 2018

Captcha Image