blob: 174faae1717038bb9328d51e4b38358baf041fc8 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>This update fixes the CVEs described below.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7550">CVE-2015-7550</a>
<p>Dmitry Vyukov discovered a race condition in the keyring subsystem
that allows a local user to cause a denial of service (crash).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8543">CVE-2015-8543</a>
<p>It was discovered that a local user permitted to create raw sockets
could cause a denial-of-service by specifying an invalid protocol
number for the socket. The attacker must have the CAP_NET_RAW
capability.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8575">CVE-2015-8575</a>
<p>David Miller discovered a flaw in the Bluetooth SCO sockets
implementation that leads to an information leak to local users.</p></li>
</ul>
<p>In addition, this update fixes a regression in the previous update:</p>
<ul>
<li>#808293
<p>A regression in the UDP implementation prevented freeradius and
some other applications from receiving data.</p></li>
</ul>
<p>For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze18.</p>
<p>For the oldstable distribution (wheezy), these problems have been
fixed in version 3.2.73-2+deb7u2.</p>
<p>For the stable distribution (jessie), these problems have been fixed
in version 3.16.7-ckt20-1+deb8u2 or earlier.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2016/dla-378.data"
# $Id$
|