LiteHawk QUATTRO NEON Quadcopter Drone Review @ ModSynergy.com

[news 28]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3426-1 security ( -at -) debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

December 17, 2015 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-8104

CVE-2015-8374 CVE-2015-8543

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service, information leak

or data loss.

 

CVE-2013-7446

 

Dmitry Vyukov discovered that a particular sequence of valid

operations on local (AF_UNIX) sockets can result in a

use-after-free. This may be used to cause a denial of service

(crash) or possibly for privilege escalation.

 

CVE-2015-7799

 

It was discovered that a user granted access to /dev/ppp can cause a

denial of service (crash) by passing invalid parameters to the

PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.

 

CVE-2015-7833

 

Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a

flaw in the processing of certain USB device descriptors in the

usbvision driver. An attacker with physical access to the system can

use this flaw to crash the system. This was partly fixed by the

changes listed in DSA 3396-1.

 

CVE-2015-8104

 

Jan Beulich reported a guest to host denial-of-service flaw

affecting the KVM hypervisor running on AMD processors. A malicious

guest can trigger an infinite stream of "debug" (#DB) exceptions

causing the processor microcode to enter an infinite loop where the

core never receives another interrupt. This leads to a panic of the

host kernel.

 

CVE-2015-8374

 

It was discovered that Btrfs did not correctly implement truncation

of compressed inline extents. This could lead to an information

leak, if a file is truncated and later made readable by other users.

Additionally, it could cause data loss. This has been fixed for the

stable distribution (jessie) only.

 

CVE-2015-8543

 

It was discovered that a local user permitted to create raw sockets

could cause a denial-of-service by specifying an invalid protocol

number for the socket. The attacker must have the CAP_NET_RAW

capability in their user namespace. This has been fixed for the

stable distribution (jessie) only.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 3.2.73-2+deb7u1. In addition, this update contains several

changes originally targeted for the upcoming Wheezy point release.

 

For the stable distribution (jessie), these problems have been fixed in

version 3.16.7-ckt20-1+deb8u1. In addition, this update contains several

changes originally targeted for the upcoming Jessie point release.

 

We recommend that you upgrade your linux packages.

 

Further information about Debian Security Advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://www.debian.org/security/