Debian DSA-3426-1 : Linux Security Update

high Nessus Plugin ID 92679
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

The remote Debian host is running a version of the Linux kernel prior to 3.2.73-2+deb7u1 on Debian 7 or is running a version of the Linux kernel prior to 3.16.7-ckt20-1+deb8u1 on Debian 8. It is, therefore, affected by the following vulnerabilities :

- A use-after-free error exists in the unix_dgram_poll() function within file net/unix/af_unix.c. A local attacker can exploit this, via specially crafted epoll_ctl calls, to cause a denial of service condition or bypass AF_UNIX socket permissions. (CVE-2013-7446)

- A NULL pointer dereference flaw exists in the slhc_init() function within file drivers/net/slip/slhc.c due to improper validation of slot numbers. A local attacker can exploit this, via specially crafted PPPIOCSMAXCID IOCTL calls, to cause a denial of service condition. (CVE-2015-7799)

- A flaw exists in the usbvision driver that allows a local attacker, via a nonzero bInterfaceNumber value in a USB device descriptor, to cause a kernel panic, resulting in a denial of service condition.
(CVE-2015-7833)

- An infinite loop condition exists in the KVM subsystem on some unspecified CPU chipsets. A local attacker who has sufficient privileges within a virtual guest OS can exploit this issue, by triggering many debug exceptions, to cause a denial of service condition. (CVE-2015-8104)

- A flaw exists in the truncate_space_check() function within file /fs/btrfs/inode.c due to improper handling of compressed file extents. A local attacker can exploit this, via a clone action, to disclose sensitive pre-truncation information from a file. (CVE-2015-8374)

- A NULL pointer dereference flaw exists in the inet_autobind() function within file net/ipv4/af_inet.c when handling connection attempts via IPv6. A local attacker can exploit this, via a specially crafted SOCK_RAW application that makes use of CLONE_NEWUSER support, to cause a denial of service condition or possibly gain elevated privileges. (CVE-2015-8543)

Solution

Upgrade the Linux packages.

For the oldstable distribution (wheezy), these issues have been fixed in version 3.2.73-2+deb7u1. In addition, this update contains several changes originally targeted for the Wheezy point release.

For the stable distribution (jessie), these issues have been fixed in version 3.16.7-ckt20-1+deb8u1. In addition, this update contains several changes originally targeted for the Jessie point release.

See Also

https://security-tracker.debian.org/tracker/CVE-2013-7446

https://security-tracker.debian.org/tracker/CVE-2015-7799

https://security-tracker.debian.org/tracker/CVE-2015-7833

https://security-tracker.debian.org/tracker/CVE-2015-8104

https://security-tracker.debian.org/tracker/CVE-2015-8374

https://security-tracker.debian.org/tracker/CVE-2015-8543

https://packages.debian.org/source/wheezy/linux

https://packages.debian.org/source/jessie/linux

http://www.debian.org/security/2015/dsa-3426

Plugin Details

Severity: High

ID: 92679

File Name: debian_DSA-3426-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/2/2016

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/17/2015

Vulnerability Publication Date: 9/10/2015

Reference Information

CVE: CVE-2013-7446, CVE-2015-7799, CVE-2015-7833, CVE-2015-8104, CVE-2015-8374, CVE-2015-8543

BID: 77030, 77033, 77524, 77638, 78219, 79698

DSA: 3426