Debian DLA-155-1 : linux-2.6 security update

Critical Nessus Plugin ID 82138

Synopsis

The remote Debian host is missing a security update.

Description

This update fixes the CVEs described below.

A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts.

CVE-2013-6885

It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.

For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.
pdf

CVE-2014-7822

It was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects.

CVE-2014-8133

It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses.

CVE-2014-8134

It was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could potentially use this flaw to leak kernel stack addresses.

CVE-2014-8160

It was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol.

CVE-2014-9420

It was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image.

CVE-2014-9584

It was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted disc image.

CVE-2014-9585

It was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.

CVE-2015-1421

It was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation.

CVE-2015-1593

It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

http://www.nessus.org/u?d5360cb0

https://lists.debian.org/debian-lts-announce/2015/02/msg00009.html

https://packages.debian.org/source/squeeze-lts/linux-2.6

Plugin Details

Severity: Critical

ID: 82138

File Name: debian_DLA-155.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2015/03/26

Updated: 2019/07/15

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:firmware-linux-free, p-cpe:/a:debian:debian_linux:linux-base, p-cpe:/a:debian:debian_linux:linux-doc-2.6.32, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686, p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64, p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:linux-manual-2.6.32, p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32, p-cpe:/a:debian:debian_linux:linux-source-2.6.32, p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5, p-cpe:/a:debian:debian_linux:linux-tools-2.6.32, p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686, p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/02/18

Vulnerability Publication Date: 2013/11/28

Reference Information

CVE: CVE-2013-6885, CVE-2014-7822, CVE-2014-8133, CVE-2014-8134, CVE-2014-8160, CVE-2014-9420, CVE-2014-9584, CVE-2014-9585, CVE-2015-1421, CVE-2015-1593

BID: 63983, 71650, 71684, 71717, 71883, 71990, 72061, 72347, 72356, 72607