Debian Security Advisory DSA 3696-1 (linux - security update)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.2

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

5 years ago

Modified

Modified

6 months ago

Summary

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE-2016-5195 It was discovered that a race condition in the memory management code can be used for local privilege escalation. CVE-2016-7042 Ondrej Kozina discovered that incorrect buffer allocation in the proc_keys_show() function may result in local denial of service. CVE-2016-7425 Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver which may result in local denial of service, or potentially, arbitrary code execution. Additionally this update fixes a regression introduced in DSA-3616-1 causing iptables performance issues (cf. Debian Bug #831014).

Affected Software

Affected Software

linux on Debian Linux

Detection Method

Detection Method

This check tests the installed software version using the apt package manager.

Solution

Solution

For the stable distribution (jessie), these problems have been fixed in version 3.16.36-1+deb8u2. We recommend that you upgrade your linux packages.

Common Vulnerabilities and Exposures (CVE)

Ready to dive in? Start your free trial today.

Companies of all sizes—from startups to Fortune 500s—use Mageni to scan their assets for vulnerabilities, reduce risk exposure and minimizing the likelihood of a data breach. Free for 7-days then $39 USD Monthly. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.

Get Started For Free
App screenshot