Update done.

Arnaud
On 13/10/2015 11:55, Ben Hutchings wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3372-1                   secur...@debian.org
> https://www.debian.org/security/                            Ben Hutchings
> October 13, 2015                      https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : linux
> CVE ID         : CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 CVE-2015-7613
>
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to a privilege escalation, denial of service, unauthorised
> information disclosure or unauthorised information modification.
>
> CVE-2015-2925
>
>     Jann Horn discovered that when a subdirectory of a filesystem was
>     bind-mounted into a chroot or mount namespace, a user that should
>     be confined to that chroot or namespace could access the whole of
>     that filesystem if they had write permission on an ancestor of
>     the subdirectory.  This is not a common configuration for wheezy,
>     and the issue has previously been fixed for jessie.
>
> CVE-2015-5257
>
>     Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
>     device could cause a denial of service (crash) by imitating a
>     Whiteheat USB serial device but presenting a smaller number of
>     endpoints.
>
> CVE-2015-5283
>
>     Marcelo Ricardo Leitner discovered that creating multiple SCTP
>     sockets at the same time could cause a denial of service (crash)
>     if the sctp module had not previously been loaded.  This issue
>     only affects jessie.
>
> CVE-2015-7613
>
>     Dmitry Vyukov discovered that System V IPC objects (message queues
>     and shared memory segments) were made accessible before their
>     ownership and other attributes were fully initialised.  If a local
>     user can race against another user or service creating a new IPC
>     object, this may result in unauthorised information disclosure,
>     unauthorised information modification, denial of service and/or
>     privilege escalation.
>
>     A similar issue existed with System V semaphore arrays, but was
>     less severe because they were always cleared before being fully
>     initialised.
>
> For the oldstable distribution (wheezy), these problems have been fixed
> in version 3.2.68-1+deb7u5.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 3.16.7-ckt11-1+deb8u5.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 4.2.3-1 or earlier versions.
>
> We recommend that you upgrade your linux packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
>

-- 
See you,
Christophe
==================