Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0614
linux security update
9 March 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-6353 CVE-2017-6348 CVE-2017-6346
CVE-2017-6345 CVE-2017-6214 CVE-2017-5986
CVE-2017-5669 CVE-2017-2636 CVE-2016-9588
Reference: ESB-2017.0542
ESB-2017.0497
Original Bulletin:
http://www.debian.org/security/2017/dsa-3804
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3804-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 08, 2017 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986
CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348
CVE-2017-6353
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.
CVE-2016-9588
Jim Mattson discovered that the KVM implementation for Intel x86
processors does not properly handle #BP and #OF exceptions in an
L2 (nested) virtual machine. A local attacker in an L2 guest VM
can take advantage of this flaw to cause a denial of service for
the L1 guest VM.
CVE-2017-2636
Alexander Popov discovered a race condition flaw in the n_hdlc
line discipline that can lead to a double free. A local
unprivileged user can take advantage of this flaw for privilege
escalation. On systems that do not already have the n_hdlc module
loaded, this can be mitigated by disabling it:
echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
CVE-2017-5669
Gareth Evans reported that privileged users can map memory at
address 0 through the shmat() system call. This could make it
easier to exploit other kernel security vulnerabilities via a
set-UID program.
CVE-2017-5986
Alexander Popov reported a race condition in the SCTP
implementation that can be used by local users to cause a
denial-of-service (crash). The initial fix for this was incorrect
and introduced further security issues (CVE-2017-6353). This
update includes a later fix that avoids those. On systems that do
not already have the sctp module loaded, this can be mitigated by
disabling it:
echo >> /etc/modprobe.d/disable-sctp.conf install sctp false
CVE-2017-6214
Dmitry Vyukov reported a bug in the TCP implementation's handling
of urgent data in the splice() system call. This can be used by a
remote attacker for denial-of-service (hang) against applications
that read from TCP sockets with splice().
CVE-2017-6345
Andrey Konovalov reported that the LLC type 2 implementation
incorrectly assigns socket buffer ownership. This can be used
by a local user to cause a denial-of-service (crash). On systems
that do not already have the llc2 module loaded, this can be
mitigated by disabling it:
echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false
CVE-2017-6346
Dmitry Vyukov reported a race condition in the raw packet (af_packet)
fanout feature. Local users with the CAP_NET_RAW capability (in any
user namespace) can use this for denial-of-service and possibly for
privilege escalation.
CVE-2017-6348
Dmitry Vyukov reported that the general queue implementation in
the IrDA subsystem does not properly manage multiple locks,
possibly allowing local users to cause a denial-of-service
(deadlock) via crafted operations on IrDA devices.
For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u2.
We recommend that you upgrade your linux packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljAOE9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q3Rg/7BAWcn97hmyotDGbm1LQLrRBiyjW66+aT51IHzbKbY8y+dVUodFDOeVpt
EWoisRwmeLj8A79v5GTV9Fdhu86vKt+E7N93KVeNQY8ELLxNEM+v4R0QGFbfzFpz
8CQn3kpZgQP9grMKBiY2quJNgXm18eWBDBdpQwvkOzr5AtKGNnX9nqEx6xWezA79
okdBJM88jETOWWI91njTCJIVYFhJOw1hBV+dYJVZIibR5pvjRLHRkGXhVDvE5erZ
m5VehpBlmdJAuK9JoovzKenEWJmAL775nwWKIyau4P+FsQxkPzuk1sk4MrqC9ZML
KShQP9FX/YbqhBDtIN/8pTK/r0zqn/L0FZc89woqdTCotzrgoRjiSjgTU37WhU66
YxfDNYzJ7EeAWH68UjiMNcABz4tlEr5U8B+eQLJYzgGeF5s37j3l0UqmWJ/6j8fB
gaza8eLvw0/97Cx9Wzp7blbjaQ722z0tfKJ7NiLgGTUJU655R4XtMAcPDc8Dr8mP
ocncMDy76L+B9JdTh3+KK0DsMv0YLnOK/d6LzHkGJtap/UubQZTNHIeAd472Sygm
iBj/R2ZZhZRoMoWjqlmBf4ZjyVgOpofOYSWPJ/AEdgF8zkCMA1ZBmB/WXqLyvOkh
WFR8Cq23dNS+GYtyqqi7jbAhEzqv36fzJ7pymr1/RrikrRwRW3E=
=WOjC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWMCsF4x+lLeg9Ub1AQgQ0g//ek98UhnTZmLOuy1z71Sm9ELICWLlTmku
o/ocAXvjTN1n5zOdZJ9tqs7/uALmWGDpKomq5jTubAcEjnVm645VC5ykQR7/dC5a
ZeDlPlV2y3w1DrwKGUDqd7ZxBlOObb4g7injORz7cbtH3JzQOun1Tq60BVcM65O5
XO4FLu+RE2Mltc9eRQbKR/uaEvCS9vQ1xkRLg8iy9XAK+gM74mjI5fCbRPo+LnHN
rX0R43B39TQdSGywTLCvnrTNuhQQyKJNamD9nL8WNIG1fQ5zXdSr0S8MFNGJBAIN
5/sdbq93cP46Xf32s/mksblFzQt7iLrCkMgclS6mUkRhe/7ApX/MjieqL7ft8QhZ
TOpeOzz4AsFyqCUfYhdGuyZAWpGk+TfJX4tvlf8xuyqOA2v8Ji0ssW/CZnhfgjh2
38Zcs/gcBxo37ee/nNt5CUSPrjS1thtpT90Q1pLKoI0ggU+4voTeHUI3PCLF+72C
5y3VSBa1SUlMBT7qzax0TIvSZR/W8h5sW7Idxh5YMEFTlE4vd8rK3mHaieeXMBLJ
ZV/67EjEWtQjKLYzx42JethVyAKW8F63dYlpg6WIX4jQ4J0LFjM3wVH33cRQQX9F
hdlK4ui8flvikdFghY9jJFUJTdMTAahfqYHiEZ4Y8PDlzld0HfoUlZzcEq2kaK4x
W2me4AaWQ8o=
=wM2T
-----END PGP SIGNATURE-----