-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0496
                           linux security update
                             23 February 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6074 CVE-2017-6001 CVE-2017-5970
                   CVE-2017-5897 CVE-2017-5551 CVE-2017-5549
                   CVE-2017-2618 CVE-2017-2596 CVE-2017-2584
                   CVE-2017-2583 CVE-2016-9191 CVE-2016-8405
                   CVE-2016-6787 CVE-2016-6786 

Reference:         ESB-2017.0486
                   ESB-2017.0475
                   ESB-2017.0468

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3791

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3791-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 22, 2017                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
                 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
                 CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
                 CVE-2017-6001 CVE-2017-6074

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

CVE-2016-6786 / CVE-2016-6787

    It was discovered that the performance events subsystem does not
    properly manage locks during certain migrations, allowing a local
    attacker to escalate privileges.  This can be mitigated by
    disabling unprivileged use of performance events:
    sysctl kernel.perf_event_paranoid=3

CVE-2016-8405

    Peter Pi of Trend Micro discovered that the frame buffer video
    subsystem does not properly check bounds while copying color maps to
    userspace, causing a heap buffer out-of-bounds read, leading to
    information disclosure.

CVE-2016-9191

    CAI Qian discovered that reference counting is not properly handled
    within proc_sys_readdir in the sysctl implementation, allowing a
    local denial of service (system hang) or possibly privilege
    escalation.

CVE-2017-2583

    Xiaohan Zhang reported that KVM for amd64 does not correctly
    emulate loading of a null stack selector.  This can be used by a
    user in a guest VM for denial of service (on an Intel CPU) or to
    escalate privileges within the VM (on an AMD CPU).

CVE-2017-2584

    Dmitry Vyukov reported that KVM for x86 does not correctly emulate
    memory access by the SGDT and SIDT instructions, which can result
    in a use-after-free and information leak.

CVE-2017-2596

    Dmitry Vyukov reported that KVM leaks page references when
    emulating a VMON for a nested hypervisor.  This can be used by a
    privileged user in a guest VM for denial of service or possibly
    to gain privileges in the host.

CVE-2017-2618

    It was discovered that an off-by-one in the handling of SELinux
    attributes in /proc/pid/attr could result in local denial of
    service.

CVE-2017-5549

    It was discovered that the KLSI KL5KUSB105 serial USB device
    driver could log the contents of uninitialised kernel memory,
    resulting in an information leak.

CVE-2017-5551

    Jan Kara found that changing the POSIX ACL of a file on tmpfs never
    cleared its set-group-ID flag, which should be done if the user
    changing it is not a member of the group-owner. In some cases, this
    would allow the user-owner of an executable to gain the privileges
    of the group-owner.

CVE-2017-5897

    Andrey Konovalov discovered an out-of-bounds read flaw in the
    ip6gre_err function in the IPv6 networking code.

CVE-2017-5970

    Andrey Konovalov discovered a denial-of-service flaw in the IPv4
    networking code.  This can be triggered by a local or remote
    attacker if a local UDP or raw socket has the IP_RETOPTS option
    enabled.

CVE-2017-6001

    Di Shen discovered a race condition between concurrent calls to
    the performance events subsystem, allowing a local attacker to
    escalate privileges. This flaw exists because of an incomplete fix
    of CVE-2016-6786.  This can be mitigated by disabling unprivileged
    use of performance events: sysctl kernel.perf_event_paranoid=3

CVE-2017-6074

    Andrey Konovalov discovered a use-after-free vulnerability in the
    DCCP networking code, which could result in denial of service or
    local privilege escalation.  On systems that do not already have
    the dccp module loaded, this can be mitigated by disabling it:
    echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u1.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlit3fFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RyhA/+JW0SzLC04cq+WNLAqpfaxpThY34zIyQJlzHYYhYCOIkuUftbDKe47oNz
IKSQcmoIWv0S50yB5GwWB4iE6kBjOYPEDd91AVXjNHTZwyxIwzDxmKKBHZtAzEp/
xQGTvcK0Y6fO9DBsitLLGykCaodCeMkse9pZSpWVDk9dLqyu+UIrdS49Fsz15fyf
AmBA8L7456pGFjh0zQ96mgG1sLgPDiXDTO49h8ORBZPuZxTPR/k9ff8f2piZaPx8
OZBUsOEp/cQyxoFG8yPQusnTzZvv4Pi4Ugoh+3QLhPlSJFP3et09N0kvNZ3yQZC/
oBDjCm2vH+JrujUpVDNv+l8wgoCbtcsS6Y5HoCgBicK914fKqgyU5VmB98q5914J
MpWYvaLC3HpoQ5JIkUGNkblxX9ETtGzRO5r361HaSJkH20LClEW7Fe/ZcdVdQrtN
QB1FiGVec72Ox+/Ih2LwtZPZmxnAYQ7zQOgFFmadV5j9knUqaiZ519wSdusf3T83
uKvF/jRRkLszsaFwOT61O9/P4Ni5CfeZmytQ2jeLbCUOd5TxLeGQiUNAw7Ii6/fZ
ayFIPVOm9fFwMQ1cuwrS0qBWZEwBu4BjgxNiXiwwxHskLRES5bZnA8Tqv0PJAwNd
RqRR023yxKYLavEesBOy3fDcQkKHBWYTqe96Cb1qOJ7ynzcJ6DA=
=Hp/U
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWK5ZEIx+lLeg9Ub1AQjZkg/8DemYnVysT47gEUsDmgrAFs56gEVcTWD5
yTohzavJlzuowex14oDIPJW9fog+1Ra5seXt7bFxKJ+drzkPrTU4kTYto1eynJwN
97T0JblERtZbIFL/GLTTnrNNTBAVQ2Hg7chOSnjGg2K0VGGoW1tjmUljIvZbGL3z
I6EycfYoWsy34xPR3L6cGZocC1ceCCfoCJ5mOGnW4NstIza4HPHVtqlsy++rAoRn
96yV+oB0vKcYEKDHSt/G7ia3za01RJkrusJGUOAc+rjS16J1tmyyf2stPNumAdDP
ogbVQo6W5hICr4EBkitq+tHeQXkUvvi0IQDRJHAGvIYr/KO3kLZLcwxi+lYfwyXH
6o711JFgVVAXPw82gdEWCiLkqngOqTUGryO9v54j9zlC7IT7447ZxdJSSUNyXZOO
grTeoaNjDYEk7KaaUHb5SxyIHSnKa2zRg5x8H6MO762o9F6ooIHQeV8lT+mQB1g6
/gF8AaBZSWpydSQAKVWyH8YltRgliw2Ypnp9nKycDkkghNcP/Kv8vXlg4lbJY6ZD
zbvrXdOwyEiV0UVFj4FiXVyCLuelbI97n/BBoZ924S26L07sfzuKRkHsLMYpL8OU
FZg19XZmB8pIyL8N4wCp9UfiaTE33HAeVEKJEmWFzCTR17CsQFCh8cHlpdcQugEY
zOVB3dA85Bo=
=B89/
-----END PGP SIGNATURE-----