
[QSA-1222161] Linux kernel vulnerabilities

Qlustar Security Advisory 1222161

December 22, 2016


Summary:

The system could crash or be made to run programs as an administrator.


    Package(s)       : linux-image-ql-generic,
                       qlustar-module-core-trusty-amd64-9.1.1,
                       qlustar-module-core-wheezy-amd64-9.1.1
    Qlustar releases : 9.1
    Affected versions: All versions prior to this update
    Vulnerability    : privilege escalation/denial of service
    Problem type     : local
    Qlustar-specific : no
    CVE Id(s)        : CVE-2016-8655, CVE-2016-7916, CVE-2016-7042
  

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem(s):

CVE-2016-8655

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-7916

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

CVE-2016-7042

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):

    linux-image-ql-generic                     3.12.68-ql-generic-9.1-82
    qlustar-module-core-trusty-amd64-9.1.1     9.1.1.3-b461f1029
    qlustar-module-core-wheezy-amd64-9.1.1     9.1.1.3-b461f1029
  