===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2086
                           linux security update
                             5 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Root Compromise                -- Existing Account      
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6828 CVE-2016-6480 CVE-2016-6136
                   CVE-2016-5696  

Reference:         ESB-2016.2027
                   ESB-2016.1997

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3659

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3659-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 04, 2016                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2016-5696 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

CVE-2016-5696

    Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.
    Krishnamurthy of the University of California, Riverside; and Lisa
    M. Marvel of the United States Army Research Laboratory discovered
    that Linux's implementation of the TCP Challenge ACK feature
    results in a side channel that can be used to find TCP connections
    between specific IP addresses, and to inject messages into those
    connections.

    Where a service is made available through TCP, this may allow
    remote attackers to impersonate another connected user to the
    server or to impersonate the server to another connected user.  In
    case the service uses a protocol with message authentication
    (e.g. TLS or SSH), this vulnerability only allows denial of
    service (connection failure).  An attack takes tens of seconds, so
    short-lived TCP connections are also unlikely to be vulnerable.

    This may be mitigated by increasing the rate limit for TCP
    Challenge ACKs so that it is never exceeded:
        sysctl net.ipv4.tcp_challenge_ack_limit=1000000000

CVE-2016-6136

    Pengfei Wang discovered that the audit subsystem has a
    'double-fetch' or 'TOCTTOU' bug in its handling of special
    characters in the name of an executable.  Where audit logging of
    execve() is enabled, this allows a local user to generate
    misleading log messages.

CVE-2016-6480

    Pengfei Wang discovered that the aacraid driver for Adaptec RAID
    controllers has a 'double-fetch' or 'TOCTTOU' bug in its
    validation of 'FIB' messages passed through the ioctl() system
    call.  This has no practical security impact in current Debian
    releases.

CVE-2016-6828

    Marco Grassi reported a 'use-after-free' bug in the TCP
    implementation, which can be triggered by local users.  The
    security impact is unclear, but might include denial of service or
    privilege escalation.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.36-1+deb8u1. In addition, this update contains several
changes originally targeted for the upcoming jessie point release.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
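As an added example, not part of the Debian advisory or the AusCERT bulletin: a Python check for the two remediation facts the advisory gives, the fixed jessie package version (3.16.36-1+deb8u1) and the CVE-2016-5696 challenge ACK sysctl mitigation. It reimplements dpkg's version ordering so it can run where dpkg is absent; the sample dpkg-query output is constructed, and the `${source:Package}` field is assumed to be supported by the host's dpkg-query.

```python
import re
from itertools import zip_longest

FIXED_VERSION = "3.16.36-1+deb8u1"   # fixed jessie version named in the advisory
CHALLENGE_ACK_LIMIT = 1000000000     # value from the advisory's sysctl mitigation
_VERSION_RE = re.compile(r"^(?:(\d+):)?(.+?)(?:-([^-]+))?$")  # epoch:upstream-revision

# Constructed sample (not from a real host) in the format printed by
#   dpkg-query -W -f '${source:Package}\t${Package}\t${Version}\n' 'linux-image-*'
SAMPLE_DPKG_OUTPUT = (
    "linux\tlinux-image-3.16.0-4-amd64\t3.16.7-ckt25-2+deb8u3\n"
    "linux-latest\tlinux-image-amd64\t3.16+63\n"
    "linux\tlinux-image-3.16.0-4-amd64-dbg\t3.16.36-1+deb8u1\n")

def _weight(c):
    # dpkg order for non-digits: '~' before everything (even end of string), then letters, then punctuation
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_fragment(a, b):
    """Compare an upstream or revision string as dpkg does: alternating non-digit runs and numeric runs."""
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (sa, na), (sb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            wa, wb = (_weight(ca) if ca else 0), (_weight(cb) if cb else 0)
            if wa != wb:
                return -1 if wa < wb else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def debian_version_compare(v1, v2):
    """Return -1, 0 or 1, matching `dpkg --compare-versions` lt / eq / gt."""
    (e1, u1, r1), (e2, u2, r2) = (_VERSION_RE.match(v).groups() for v in (v1, v2))
    if int(e1 or 0) != int(e2 or 0):
        return -1 if int(e1 or 0) < int(e2 or 0) else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1 or "0", r2 or "0")

def vulnerable_kernel_packages(dpkg_query_output):
    """Return (package, version) for binaries built from source 'linux' that are
    older than FIXED_VERSION; meta-packages from other sources are ignored."""
    old = []
    for line in dpkg_query_output.splitlines():
        fields = line.split("\t")
        if (len(fields) == 3 and fields[0] == "linux"
                and debian_version_compare(fields[2], FIXED_VERSION) < 0):
            old.append((fields[1], fields[2]))
    return old

def challenge_ack_mitigated(sysctl_value):
    """True when net.ipv4.tcp_challenge_ack_limit is at least the advisory's value."""
    return int(sysctl_value) >= CHALLENGE_ACK_LIMIT
```

On a jessie host, feed `vulnerable_kernel_packages` the output of the dpkg-query command shown in the comment and `challenge_ack_mitigated` the contents of /proc/sys/net/ipv4/tcp_challenge_ack_limit; any package listed without the mitigation in place is the case the advisory warns about.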

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================