Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-3448-1 linux -- security update

Related Vulnerabilities: CVE-2013-4312   CVE-2015-7566   CVE-2015-8767   CVE-2016-0723   CVE-2016-0728  

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service. CVE-2013-4312 Tetsuo Handa discovered that it is possible for a process to open far more files than the process' limit leading to denial-of-service conditions. CVE-2015-7566 Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected. CVE-2015-8767 An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake. CVE-2016-0723 A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service. CVE-2016-0728 The Perception Point research team discovered a use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u3. We recommend that you upgrade your linux packages.

Source

Debian Security Advisory

DSA-3448-1 linux -- security update

Date Reported:
19 Jan 2016
Affected Packages:
linux
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2013-4312, CVE-2015-7566, CVE-2015-8767, CVE-2016-0723, CVE-2016-0728.
More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service.

  • CVE-2013-4312

    Tetsuo Handa discovered that it is possible for a process to open far more files than the process' limit leading to denial-of-service conditions.

  • CVE-2015-7566

    Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.

  • CVE-2015-8767

    An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.

  • CVE-2016-0723

    A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.

  • CVE-2016-0728

    The Perception Point research team discovered a use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u3.

We recommend that you upgrade your linux packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started