Debian DSA-3804-1 : linux - security update

high Nessus Plugin ID 97615
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.

- CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.

- CVE-2017-2636 Alexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false

- CVE-2017-5669 Gareth Evans reported that privileged users can map memory at address 0 through the shmat() system call.
This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.

- CVE-2017-5986 Alexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial-of-service (crash). The initial fix for this was incorrect and introduced further security issues ( CVE-2017-6353 ). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-sctp.conf install sctp false

- CVE-2017-6214 Dmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call.
This can be used by a remote attacker for denial-of-service (hang) against applications that read from TCP sockets with splice().

- CVE-2017-6345 Andrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This can be used by a local user to cause a denial-of-service (crash). On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false

- CVE-2017-6346 Dmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial-of-service and possibly for privilege escalation.

- CVE-2017-6348 Dmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial-of-service (deadlock) via crafted operations on IrDA devices.

Solution

Upgrade the linux packages.

For the stable distribution (jessie), these problems have been fixed in version 3.16.39-1+deb8u2.

See Also

https://security-tracker.debian.org/tracker/CVE-2016-9588

https://security-tracker.debian.org/tracker/CVE-2017-2636

https://security-tracker.debian.org/tracker/CVE-2017-5669

https://security-tracker.debian.org/tracker/CVE-2017-5986

https://security-tracker.debian.org/tracker/CVE-2017-6353

https://security-tracker.debian.org/tracker/CVE-2017-6214

https://security-tracker.debian.org/tracker/CVE-2017-6345

https://security-tracker.debian.org/tracker/CVE-2017-6346

https://security-tracker.debian.org/tracker/CVE-2017-6348

https://packages.debian.org/source/jessie/linux

https://www.debian.org/security/2017/dsa-3804

Plugin Details

Severity: High

ID: 97615

File Name: debian_DSA-3804.nasl

Version: 3.5

Type: local

Agent: unix

Published: 3/9/2017

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/8/2017

Vulnerability Publication Date: 12/28/2016

Reference Information

CVE: CVE-2016-9588, CVE-2017-2636, CVE-2017-5669, CVE-2017-5986, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6348, CVE-2017-6353

DSA: 3804