| Errata ID | 428 |
|---|---|
| Date | 2016-06-01 |
| Source package | linux |
| Fixed in version | 3.16.7-ckt25-2~bpo70+1.195.201605301151 |
| Description | This update addresses the following issues: * unix: properly account for FDs passed over unix sockets (CVE-2013-4312) * The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. (CVE-2015-8785) * Flaw in CXGB3 driver (CVE-2015-8812) * USB hub invalid memory access in hub_activate() (CVE-2015-8816) * aio write triggers integer overflow in some network protocols (CVE-2015-8830) * x86 Linux TLB flush bug (CVE-2016-2069) * Double-free in snd-usbmidi-lib triggered by invalid USB descriptor (CVE-2016-2384) * ALSA: seq: Fix missing NULL check at remove_events ioctl (CVE-2016-2543) * ALSA: seq: Fix race at timer setup and close (CVE-2016-2544) * ALSA: timer: Fix double unlink of active_list (CVE-2016-2545) * ALSA: timer: Fix race among timer ioctls (CVE-2016-2546) * ALSA: use-after-free in snd_timer_user_ioctl (CVE-2016-2547) * ALSA: linked lists of slave instances not unlinked immediately (CVE-2016-2548) * ALSA: hrtimer: Fix stall by hrtimer_cancel() (CVE-2016-2549) * unix: correctly track in-flight fds in sending process user_struct (CVE-2016-2550 * pipe: limit the per-user amount of pages allocated in pipes (CVE-2016-2847) * aiptek: crash on invalid USB device descriptors (CVE-2015-7515) * aio write triggers integer overflow in some network protocols (CVE-2015-8830) * Too big poison pointer space (CVE-2016-0821) * Kernel panic on invalid USB device descriptor (snd_usb_audio driver) (CVE-2016-2184) * Kernel panic on invalid USB device descriptor (ati_remote2 driver) (CVE-2016-2185) * Kernel panic on invalid USB device descriptor (powermate driver) (CVE-2016-2186) * Kernel panic on invalid USB device descriptor (iowarrior driver) (CVE-2016-2188) * crash on invalid USB device descriptors (cdc_acm driver) (CVE-2016-3138) * ipv4: Don't do expensive useless work during inetdev destroy (CVE-2016-3156) * I/O port access privilege escalation in x86-64 Linux under Xen (CVE-2016-3157) * usbnet: memory corruption triggered by invalid USB descriptor (CVE-2016-3951) * Partial SMAP bypass on 64-bit Linux kernels (CVE-2016-partial-SMAP-bypass) |
| Additional notes | This is the first part of the fix, which provides the new kernel package. |
| CVE ID | CVE-2013-4312 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2015-8830 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2550 CVE-2016-2847 CVE-2015-7515 CVE-2015-8830 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3138 CVE-2016-3156 CVE-2016-3157 CVE-2016-3951 |
| UCS Bug number | #40838 |
