Debian update for linux

Published: 2017-12-26 15:51:21 | Updated: 2017-12-26 15:52:02
Severity Low
Patch available YES
Number of vulnerabilities 18
CVE ID CVE-2017-8824
CVE-2017-16538
CVE-2017-16644
CVE-2017-16996
CVE-2017-17448
CVE-2017-17449
CVE-2017-17450
CVE-2017-17558
CVE-2017-17712
CVE-2017-17741
CVE-2017-17805
CVE-2017-17806
CVE-2017-17807
CVE-2017-17862
CVE-2017-17863
CVE-2017-17864
CVE-2017-1000407
CVE-2017-1000410
CVSSv3 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-416
CWE-284
CWE-388
CWE-119
CWE-264
CWE-200
CWE-787
CWE-362
CWE-125
CWE-20
CWE-121
CWE-190
CWE-401
CWE-399
Exploitation vector Network
Public exploit Not available
Vulnerable software Debian Linux
Vulnerable software versions Debian Linux -
Vendor URL Debian

Security Advisory

1) Use-after-free error

Description

The vulnerability allows a local attacker to gain elevated privileges or cause a DoS condition on the target system.

The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make a specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger a use-after-free error and gain root privileges or cause the system to crash.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

2) Denial of service

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in drivers/media/usb/dvb-usb-v2/lmedm04.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

3) Error handling

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger improper error handling and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

4) Memory corruption

Description

The vulnerability allows a local attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists due to mishandling of register truncation. A local attacker can trigger memory corruption, cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

5) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because net/netfilter/nfnetlink_cthelper.c in the Linux kernel does not require the CAP_NET_ADMIN capability for new, get, and del operations. A local attacker can bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

6) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace. A local attacker can leverage the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system and read arbitrary files.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

7) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because net/netfilter/xt_osf.c in the Linux kernel does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. A local attacker can bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

8) Out-of-bounds write

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel does not consider the maximum number of configurations and interfaces before attempting to release resources. A local attacker can supply a specially crafted USB device, trigger out-of-bounds write access and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

9) Race condition

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

10) Out-of-bounds read

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the KVM implementation in the Linux kernel. A local attacker can trigger a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h, and cause the system to crash or possibly have unspecified other impact.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

11) Improper input validation

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because the Salsa20 encryption algorithm in the Linux kernel does not correctly handle zero-length inputs. A local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) can execute a specially crafted sequence of system calls that use the blkcipher_walk API, trigger an uninitialized-memory free and cause the kernel to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

12) Stack-based buffer overflow

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because the HMAC implementation (crypto/hmac.c) in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed. A local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) can execute a specially crafted sequence of system calls that encounter a missing SHA-3 initialization, trigger a kernel stack buffer overflow and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

13) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because the KEYS subsystem in the Linux kernel omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call. A local attacker can use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring and bypass intended security restrictions. The issue is related to construct_get_dest_keyring() in security/keys/request_key.c.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

14) Denial of service

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though that code would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

15) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because kernel/bpf/verifier.c in the Linux kernel does not check the relationship between pointer values and the BPF stack. A local attacker can run a specially crafted application to trigger an integer overflow or invalid memory access and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

16) Memory leak

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

17) Resource management error

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to the possibility of flooding the diagnostic port 0x80. A local user can trigger an exception and cause a kernel panic.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073

18) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the processing of incoming L2CAP commands (ConfigRequest and ConfigResponse messages). A remote attacker can manipulate the code flows that precede the handling of the configuration messages and read important data.

Remediation

Update the affected package to version: 4.9.65-3+deb9u1

External links

https://www.debian.org/security/2017/dsa-4073
