Greetings all. What is the most secure build of all-signed Debian packages currently?
What is also viewed by the community to be the most secure linux builds? Kyle > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - > ------------------------------------------------------------------------- > Debian Security Advisory DSA-3372-1 secur...@debian.org > https://www.debian.org/security/ Ben Hutchings > October 13, 2015 https://www.debian.org/security/faq > - > ------------------------------------------------------------------------- > > Package : linux > CVE ID : CVE-2015-2925 CVE-2015-5257 CVE-2015-5283 CVE-2015-7613 > > Several vulnerabilities have been discovered in the Linux kernel that > may lead to a privilege escalation, denial of service, unauthorised > information disclosure or unauthorised information modification. > > CVE-2015-2925 > > Jann Horn discovered that when a subdirectory of a filesystem was > bind-mounted into a chroot or mount namespace, a user that should > be confined to that chroot or namespace could access the whole of > that filesystem if they had write permission on an ancestor of > the subdirectory. This is not a common configuration for wheezy, > and the issue has previously been fixed for jessie. > > CVE-2015-5257 > > Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB > device could cause a denial of service (crash) by imitating a > Whiteheat USB serial device but presenting a smaller number of > endpoints. > > CVE-2015-5283 > > Marcelo Ricardo Leitner discovered that creating multiple SCTP > sockets at the same time could cause a denial of service (crash) > if the sctp module had not previously been loaded. This issue > only affects jessie. > > CVE-2015-7613 > > Dmitry Vyukov discovered that System V IPC objects (message queues > and shared memory segments) were made accessible before their > ownership and other attributes were fully initialised. If a local > user can race against another user or service creating a new IPC > object, this may result in unauthorised information disclosure, > unauthorised information modification, denial of service and/or > privilege escalation. > > A similar issue existed with System V semaphore arrays, but was > less severe because they were always cleared before being fully > initialised. > > For the oldstable distribution (wheezy), these problems have been fixed > in version 3.2.68-1+deb7u5. > > For the stable distribution (jessie), these problems have been fixed in > version 3.16.7-ckt11-1+deb8u5. > > For the unstable distribution (sid), these problems have been fixed in > version 4.2.3-1 or earlier versions. > > We recommend that you upgrade your linux packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJWHNTSAAoJEAVMuPMTQ89E7EsP/Rm9NNOIoIh+TY4TnKwPJmKa > tuGLWWOZ/yI90MR7wl9JLWSDBT0DD4fV5LKNp2p3ClV+1nMIbEEkcSOMgWyVtsHT > CKjb8XvYmEm8174E1XcaEQ+ZWiQdpFwe7VABsIhVfD2G2QqXHoIiLFjjnuyiN6qw > ZU/69j1nTfimoyoMyXThsAb93rWQii7/8baQ5LRVHXhipJeudq0mbAKY0GSFAXQa > b6ZmFzXx9/XTLkXGl5m/XFddbEaBo5UGTx1L5GDvjgb4iaQPih8df58aV4GLNGq9 > cyjZpZKSuhj2CNPK84fqUo+LlX867NdyC2e3M8uf7S9KYCWsqbl8qByiGLIebYOl > yS0rXVret4Fa+9UqvuNSbp2iIx4g3vu/awUKOs9/nlz/OCBlFpQMbypeRUJi+eu5 > 99gDNAwZgym/77qnQKBVy2mWuDoYWn3eqg3JluwSZyDV8G+5QhEEesOcsF5U21rA > 2RcTRpP6byh6m8IZQ6hDssoG0z8fuVIhwVo8yJ6P4dLf2rMbi/RNmxY6AYEFWYwW > 3mTF6hwXG7J7qIMFIXy4Fuh/ea7AqYQtGfpvcnclSPd8BGESS/ySp+jMcOVQnOM/ > dis38moi1fYpPAtgz2X9w3FexSy2+fMb/15xgBW0aay0isoqK5GwE1Am3Ed5LO54 > Q7gz4VJxXxGKu6+N6nbg > =Hht/ > -----END PGP SIGNATURE----- > >
