Synopsis
The remote Debian host is missing a security update.
Description
This update fixes the CVEs described below.
Dmitry Vyukov discovered a race condition in the keyring subsystem that allows a local user to cause a denial of service (crash).
It was discovered that a local user permitted to create raw sockets could cause a denial of service by specifying an invalid protocol number for the socket. The attacker must have the CAP_NET_RAW capability.
David Miller discovered a flaw in the Bluetooth SCO sockets implementation that leads to an information leak to local users.
In addition, this update fixes a regression in the previous update:
A regression in the UDP implementation prevented freeradius and some other applications from receiving data.
For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze18.
For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.73-2+deb7u2.
For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u2 or earlier.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.