Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0614 linux security update 9 March 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: linux kernel Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Root Compromise -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-6353 CVE-2017-6348 CVE-2017-6346 CVE-2017-6345 CVE-2017-6214 CVE-2017-5986 CVE-2017-5669 CVE-2017-2636 CVE-2016-9588 Reference: ESB-2017.0542 ESB-2017.0497 Original Bulletin: http://www.debian.org/security/2017/dsa-3804 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3804-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM. CVE-2017-2636 Alexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false CVE-2017-5669 Gareth Evans reported that privileged users can map memory at address 0 through the shmat() system call. This could make it easier to exploit other kernel security vulnerabilities via a set-UID program. CVE-2017-5986 Alexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial-of-service (crash). The initial fix for this was incorrect and introduced further security issues (CVE-2017-6353). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-sctp.conf install sctp false CVE-2017-6214 Dmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call. This can be used by a remote attacker for denial-of-service (hang) against applications that read from TCP sockets with splice(). CVE-2017-6345 Andrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This can be used by a local user to cause a denial-of-service (crash). On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false CVE-2017-6346 Dmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial-of-service and possibly for privilege escalation. CVE-2017-6348 Dmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial-of-service (deadlock) via crafted operations on IrDA devices. For the stable distribution (jessie), these problems have been fixed in version 3.16.39-1+deb8u2. We recommend that you upgrade your linux packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljAOE9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q3Rg/7BAWcn97hmyotDGbm1LQLrRBiyjW66+aT51IHzbKbY8y+dVUodFDOeVpt EWoisRwmeLj8A79v5GTV9Fdhu86vKt+E7N93KVeNQY8ELLxNEM+v4R0QGFbfzFpz 8CQn3kpZgQP9grMKBiY2quJNgXm18eWBDBdpQwvkOzr5AtKGNnX9nqEx6xWezA79 okdBJM88jETOWWI91njTCJIVYFhJOw1hBV+dYJVZIibR5pvjRLHRkGXhVDvE5erZ m5VehpBlmdJAuK9JoovzKenEWJmAL775nwWKIyau4P+FsQxkPzuk1sk4MrqC9ZML KShQP9FX/YbqhBDtIN/8pTK/r0zqn/L0FZc89woqdTCotzrgoRjiSjgTU37WhU66 YxfDNYzJ7EeAWH68UjiMNcABz4tlEr5U8B+eQLJYzgGeF5s37j3l0UqmWJ/6j8fB gaza8eLvw0/97Cx9Wzp7blbjaQ722z0tfKJ7NiLgGTUJU655R4XtMAcPDc8Dr8mP ocncMDy76L+B9JdTh3+KK0DsMv0YLnOK/d6LzHkGJtap/UubQZTNHIeAd472Sygm iBj/R2ZZhZRoMoWjqlmBf4ZjyVgOpofOYSWPJ/AEdgF8zkCMA1ZBmB/WXqLyvOkh WFR8Cq23dNS+GYtyqqi7jbAhEzqv36fzJ7pymr1/RrikrRwRW3E= =WOjC - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWMCsF4x+lLeg9Ub1AQgQ0g//ek98UhnTZmLOuy1z71Sm9ELICWLlTmku o/ocAXvjTN1n5zOdZJ9tqs7/uALmWGDpKomq5jTubAcEjnVm645VC5ykQR7/dC5a ZeDlPlV2y3w1DrwKGUDqd7ZxBlOObb4g7injORz7cbtH3JzQOun1Tq60BVcM65O5 XO4FLu+RE2Mltc9eRQbKR/uaEvCS9vQ1xkRLg8iy9XAK+gM74mjI5fCbRPo+LnHN rX0R43B39TQdSGywTLCvnrTNuhQQyKJNamD9nL8WNIG1fQ5zXdSr0S8MFNGJBAIN 5/sdbq93cP46Xf32s/mksblFzQt7iLrCkMgclS6mUkRhe/7ApX/MjieqL7ft8QhZ TOpeOzz4AsFyqCUfYhdGuyZAWpGk+TfJX4tvlf8xuyqOA2v8Ji0ssW/CZnhfgjh2 38Zcs/gcBxo37ee/nNt5CUSPrjS1thtpT90Q1pLKoI0ggU+4voTeHUI3PCLF+72C 5y3VSBa1SUlMBT7qzax0TIvSZR/W8h5sW7Idxh5YMEFTlE4vd8rK3mHaieeXMBLJ ZV/67EjEWtQjKLYzx42JethVyAKW8F63dYlpg6WIX4jQ4J0LFjM3wVH33cRQQX9F hdlK4ui8flvikdFghY9jJFUJTdMTAahfqYHiEZ4Y8PDlzld0HfoUlZzcEq2kaK4x W2me4AaWQ8o= =wM2T -----END PGP SIGNATURE-----