- CVEs with nessus.description==

  This update fixes the CVEs described below.

  CVE-2016-3857

  Chiachih Wu reported two bugs in the ARM OABI compatibility layer that can be used by local users for privilege escalation. The OABI compatibility layer is enabled in all kernel flavours for armel and armhf.

  CVE-2016-4470

  Wade Mealing of the Red Hat Product Security Team reported that in some error cases the KEYS subsystem will dereference an uninitialised pointer. A local user can use the keyctl() system call for denial of service (crash) or possibly for privilege escalation.

  CVE-2016-5696

  Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy of the University of California, Riverside; and Lisa M. Marvel of the United States Army Research Laboratory discovered that Linux's implementation of the TCP Challenge ACK feature results in a side channel that can be used to find TCP connections between specific IP addresses, and to inject messages into those connections.

  Where a service is made available through TCP, this may allow remote attackers to impersonate another connected user to the server or to impersonate the server to another connected user. In case the service uses a protocol with message authentication (e.g. TLS or SSH), this vulnerability only allows denial of service (connection failure). An attack takes tens of seconds, so short-lived TCP connections are also unlikely to be vulnerable.

  This may be mitigated by increasing the rate limit for TCP Challenge ACKs so that it is never exceeded: sysctl net.ipv4.tcp_challenge_ack_limit=1000000000

  CVE-2016-5829

  Several heap-based buffer overflow vulnerabilities were found in the hiddev driver, allowing a local user with access to a HID device to cause a denial of service or potentially escalate their privileges.

  CVE-2016-6136

  Pengfei Wang discovered that the audit subsystem has a 'double-fetch' or 'TOCTTOU' bug in its handling of special characters in the name of an executable. Where audit logging of execve() is enabled, this allows a local user to generate misleading log messages.

  CVE-2016-6480

  Pengfei Wang discovered that the aacraid driver for Adaptec RAID controllers has a 'double-fetch' or 'TOCTTOU' bug in its validation of 'FIB' messages passed through the ioctl() system call. This has no practical security impact in current Debian releases.

  CVE-2016-6828

  Marco Grassi reported a 'use-after-free' bug in the TCP implementation, which can be triggered by local users. The security impact is unclear, but might include denial of service or privilege escalation.

  CVE-2016-7118

  Marcin Szewczyk reported that calling fcntl() on a file descriptor for a directory on an aufs filesystem would result in an 'oops'. This allows local users to cause a denial of service. This is a Debian-specific regression introduced in version 3.2.81-1.

  For Debian 7 'Wheezy', these problems have been fixed in version 3.2.81-2. This version also fixes a build failure (bug #827561) for custom kernels with CONFIG_MODULES disabled, a regression in version 3.2.81-1. It also updates the PREEMPT_RT featureset to version 3.2.81-rt117.

  For Debian 8 'Jessie', CVE-2016-3857 has no impact; CVE-2016-4470 and CVE-2016-5829 were fixed in linux version 3.16.7-ckt25-2+deb8u3 or earlier; and the remaining issues are fixed in version 3.16.36-1+deb8u1.

  We recommend that you upgrade your linux packages.

  NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |