blob: 47b393ddb28ff7552de1e7f2e2570fb5ca13b07e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>This update fixes the CVEs described below.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7566">CVE-2015-7566</a>
<p>Ralf Spenneberg of OpenSource Security reported that the visor
driver crashes when a specially crafted USB device without bulk-out
endpoint is detected.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8767">CVE-2015-8767</a>
<p>An SCTP denial-of-service was discovered which can be triggered by a
local attacker during a heartbeat timeout event after the 4-way
handshake.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8785">CVE-2015-8785</a>
<p>It was discovered that local users permitted to write to a file on
a FUSE filesystem could cause a denial of service (unkillable loop
in the kernel).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0723">CVE-2016-0723</a>
<p>A use-after-free vulnerability was discovered in the TIOCGETD ioctl.
A local attacker could use this flaw for denial-of-service.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2069">CVE-2016-2069</a>
<p>Andy Lutomirski discovered a race condition in flushing of the TLB
when switching tasks. On an SMP system this could possibly lead to
a crash, information leak or privilege escalation.</p></li>
</ul>
<p>For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze19. Additionally, this version
includes upstream stable update 2.6.32.70. This is the final update
to the linux-2.6 package for squeeze.</p>
<p>For the oldstable distribution (wheezy), these problems will be fixed
soon.</p>
<p>For the stable distribution (jessie), <a href="https://security-tracker.debian.org/tracker/CVE-2015-7566">CVE-2015-7566</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-8767">CVE-2015-8767</a> and
<a href="https://security-tracker.debian.org/tracker/CVE-2016-0723">CVE-2016-0723</a> were fixed in linux version 3.16.7-ckt20-1+deb8u3 and
the remaining problems will be fixed soon.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2016/dla-412.data"
# $Id$
|