Debian DSA-3128-1 : linux - security update

high Nessus Plugin ID 80558

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.

- CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.

For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

- CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.

- CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.

- CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).

- CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

Solution

Upgrade the linux packages.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume regression introduced with 3.2.65.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

See Also

https://security-tracker.debian.org/tracker/CVE-2013-6885

http://www.nessus.org/u?d5360cb0

https://security-tracker.debian.org/tracker/CVE-2014-8133

https://security-tracker.debian.org/tracker/CVE-2014-9419

https://security-tracker.debian.org/tracker/CVE-2014-9529

https://security-tracker.debian.org/tracker/CVE-2014-9584

https://www.debian.org/security/2015/dsa-3128

Plugin Details

Severity: High

ID: 80558

File Name: debian_DSA-3128.nasl

Version: 1.12

Type: local

Agent: unix

Published: 1/16/2015

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 1/15/2015

Vulnerability Publication Date: 11/28/2013

Reference Information

CVE: CVE-2013-6885, CVE-2014-8133, CVE-2014-9419, CVE-2014-9529, CVE-2014-9584

BID: 63983, 71684, 71794, 71880, 71883

DSA: 3128