[DLA 155-1] linux-2.6 security update

Package : linux-2.6
Version : 2.6.32-48squeeze11
CVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134
CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585
CVE-2015-1421 CVE-2015-1593

This update fixes the CVEs described below.

A further issue, CVE-2014-9419, was considered, but appears to require
extensive changes with a consequent high risk of regression. It is
now unlikely to be fixed in squeeze-lts.

CVE-2013-6885

It was discovered that under specific circumstances, a combination
of write operations to write-combined memory and locked CPU
instructions may cause a core hang on AMD 16h 00h through 0Fh
processors. A local user can use this flaw to mount a denial of
service (system hang) via a crafted application.

For more information please refer to the AMD CPU erratum 793 in
http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

CVE-2014-7822

It was found that the splice() system call did not validate the
given file offset and length. A local unprivileged user can use
this flaw to cause filesystem corruption on ext4 filesystems, or
possibly other effects.

CVE-2014-8133

It was found that the espfix functionality can be bypassed by
installing a 16-bit RW data segment into GDT instead of LDT (which
espfix checks for) and using it for stack. A local unprivileged user
could potentially use this flaw to leak kernel stack addresses.

CVE-2014-8134

It was found that the espfix functionality is wrongly disabled in
a 32-bit KVM guest. A local unprivileged user could potentially
use this flaw to leak kernel stack addresses.

CVE-2014-8160

It was found that a netfilter (iptables or ip6tables) rule
accepting packets to a specific SCTP, DCCP, GRE or UDPlite
port/endpoint could result in incorrect connection tracking state.
If only the generic connection tracking module (nf_conntrack) was
loaded, and not the protocol-specific connection tracking module,
this would allow access to any port/endpoint of the specified
protocol.

CVE-2014-9420

It was found that the ISO-9660 filesystem implementation (isofs)
follows arbitrarily long chains, including loops, of Continuation
Entries (CEs). This allows local users to mount a denial of
service via a crafted disc image.

CVE-2014-9584

It was found that the ISO-9660 filesystem implementation (isofs)
does not validate a length value in the Extensions Reference (ER)
System Use Field, which allows local users to obtain sensitive
information from kernel memory via a crafted disc image.

CVE-2014-9585

It was discovered that address randomisation for the vDSO in
64-bit processes is extremely biassed. A local unprivileged user
could potentially use this flaw to bypass the ASLR protection
mechanism.

CVE-2015-1421

It was found that the SCTP implementation could free
authentication state while it was still in use, resulting in heap
corruption. This could allow remote users to cause a denial of
service or privilege escalation.

CVE-2015-1593

It was found that address randomisation for the initial stack in
64-bit processes was limited to 20 rather than 22 bits of entropy.
A local unprivileged user could potentially use this flaw to
bypass the ASLR protection mechanism.

[DSA 3162-1] bind9 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3162-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
February 18, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2015-1349

Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error on
the zone operator's part, or due to interference with network traffic
by an attacker. This issue affects configurations with the directives
"dnssec-validation auto;" (as enabled in the Debian default
configuration) or "dnssec-lookaside auto;".

For the stable distribution (wheezy), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/