
Debian 7 & 8 kernels patched to latest with KernelCare


Debian 7 kernels updated to linux-3.2.73-2+deb7u3

Debian 8 kernels updated to linux-3.16.7-ckt20-1+deb8u4
 
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:

# /usr/bin/kcarectl --update
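
To decide which hosts need the manual step, the check below reads the effective AUTO_UPDATE setting. It is an added example, not part of the original post or of KernelCare itself. It assumes kcare.conf holds KEY=VALUE lines with `#` comments, that the last assignment wins, and that the value compares case-insensitively; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether this host relies on KernelCare auto-update
# or needs the manual `kcarectl --update` step described above.
# Assumptions (not confirmed by the post): KEY=VALUE syntax, '#' comments,
# last assignment wins, value compared case-insensitively.

KCARE_CONF="${KCARE_CONF:-/etc/sysconfig/kcare/kcare.conf}"

# Print "True" or "False" for the effective AUTO_UPDATE setting.
# A missing file or a missing key yields "True", the default the post states.
kcare_auto_update() {
    conf="${1:-$KCARE_CONF}"
    value="True"
    if [ -r "$conf" ]; then
        # Take the value of the last uncommented AUTO_UPDATE assignment,
        # dropping surrounding whitespace and any trailing comment.
        found=$(sed -n 's/^[[:space:]]*AUTO_UPDATE[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$conf" | tail -n 1)
        if [ -n "$found" ]; then
            value="$found"
        fi
    fi
    case "$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')" in
        true) echo "True" ;;
        *)    echo "False" ;;
    esac
}

# Print the action an operator should take for this host.
kcare_update_action() {
    if [ "$(kcare_auto_update "$1")" = "True" ]; then
        echo "none: auto-update enabled"
    else
        echo "run: /usr/bin/kcarectl --update"
    fi
}

kcare_update_action "$KCARE_CONF"
```
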
Changelog:
debian7:
  CVE-2015-7566: Ralf Spenneberg of OpenSource Security reported that the visor driver
    crashes when a specially crafted USB device without bulk-out endpoint is detected.
  CVE-2015-8767: An SCTP denial-of-service was discovered which can be triggered by
    a local attacker during a heartbeat timeout event after the 4-way handshake.
  CVE-2015-8785: It was discovered that local users permitted to write to a file on
    a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).
  CVE-2015-8812: A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could
    not send a packet because the network was congested, it would free the packet
    buffer but later attempt to send the packet again. This use-after-free could result
    in a denial of service (crash or hang), data loss or privilege escalation.
  CVE-2016-0723: A use-after-free vulnerability was discovered in the TIOCGETD ioctl.
    A local attacker could use this flaw for denial-of-service.
  CVE-2016-0774: It was found that the fix for CVE-2015-1805 in kernel versions older
    than Linux 3.16 did not correctly handle the case of a partially failed atomic
    read. A local, unprivileged user could use this flaw to crash the system or leak
    kernel memory to user space.
  CVE-2016-2069: Andy Lutomirski discovered a race condition in flushing of the TLB
    when switching tasks on an x86 system. On an SMP system this could possibly lead
    to a crash, information leak or privilege escalation.
  CVE-2016-2384: Andrey Konovalov found that a crafted USB MIDI device with an invalid
    USB descriptor could trigger a double-free. This may be used by a physically present
    user for privilege escalation.
  CVE-2016-2543: Dmitry Vyukov found that the core sound sequencer driver (snd-seq)
    lacked a necessary check for a null pointer, allowing a user with access to a
    sound sequencer device to cause a denial-of-service (crash).
  CVE-2016-2544: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2545: Dmitry Vyukov found a flaw in list manipulation in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use this
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2546: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2547: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2548: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2549: Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s
    use of high resolution timers. A user with access to sound devices could use this
    to cause a denial-of-service (hang).
  cvelist: [CVE-2015-7566, CVE-2015-8767, CVE-2015-8785, CVE-2015-8812, CVE-2016-0723,
    CVE-2016-0774, CVE-2016-2069, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545,
    CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549]
debian8:
  CVE-2015-8785: It was discovered that local users permitted to write to a file on
    a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).
  CVE-2015-8812: A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could
    not send a packet because the network was congested, it would free the packet
    buffer but later attempt to send the packet again. This use-after-free could result
    in a denial of service (crash or hang), data loss or privilege escalation.
  CVE-2015-8830: Ben Hawkes of Google Project Zero reported that the AIO interface
    permitted reading or writing 2 GiB of data or more in a single chunk, which could
    lead to an integer overflow when applied to certain filesystems, socket or device
    types. The full security impact has not been evaluated.
  CVE-2016-2069: Andy Lutomirski discovered a race condition in flushing of the TLB
    when switching tasks on an x86 system. On an SMP system this could possibly lead
    to a crash, information leak or privilege escalation.
  CVE-2016-2384: Andrey Konovalov found that a crafted USB MIDI device with an invalid
    USB descriptor could trigger a double-free. This may be used by a physically present
    user for privilege escalation.
  CVE-2016-2543: Dmitry Vyukov found that the core sound sequencer driver (snd-seq)
    lacked a necessary check for a null pointer, allowing a user with access to a
    sound sequencer device to cause a denial-of-service (crash).
  CVE-2016-2544: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2545: Dmitry Vyukov found a flaw in list manipulation in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use this
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2546: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2547: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2548: Dmitry Vyukov found various race conditions in the sound subsystem
    (ALSA)'s management of timers. A user with access to sound devices could use these
    to cause a denial-of-service (crash or hang) or possibly for privilege escalation.
  CVE-2016-2549: Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s
    use of high resolution timers. A user with access to sound devices could use this
    to cause a denial-of-service (hang).
  cvelist: [CVE-2015-8785, CVE-2015-8812, CVE-2015-8830, CVE-2016-2069, CVE-2016-2384,
    CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548,
    CVE-2016-2549]