 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.703372 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-3372-1) |
| Summary: | The remote host is missing an update for the Debian 'linux' package(s) announced via the DSA-3372-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'linux' package(s) announced via the DSA-3372-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification. CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be confined to that chroot or namespace could access the whole of that filesystem if they had write permission on an ancestor of the subdirectory. This is not a common configuration for wheezy, and the issue has previously been fixed for jessie. CVE-2015-5257 Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB device could cause a denial of service (crash) by imitating a Whiteheat USB serial device but presenting a smaller number of endpoints. CVE-2015-5283 Marcelo Ricardo Leitner discovered that creating multiple SCTP sockets at the same time could cause a denial of service (crash) if the sctp module had not previously been loaded. This issue only affects jessie. CVE-2015-7613 Dmitry Vyukov discovered that System V IPC objects (message queues and shared memory segments) were made accessible before their ownership and other attributes were fully initialised. If a local user can race against another user or service creating a new IPC object, this may result in unauthorised information disclosure, unauthorised information modification, denial of service and/or privilege escalation. A similar issue existed with System V semaphore arrays, but was less severe because they were always cleared before being fully initialised. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u5. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u5. For the unstable distribution (sid), these problems have been fixed in version 4.2.3-1 or earlier versions. We recommend that you upgrade your linux packages. Affected Software/OS: 'linux' package(s) on Debian 7, Debian 8. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5257 76834 http://www.securityfocus.com/bid/76834 DSA-3372 http://www.debian.org/security/2015/dsa-3372 USN-2792-1 http://www.ubuntu.com/usn/USN-2792-1 USN-2794-1 http://www.ubuntu.com/usn/USN-2794-1 USN-2795-1 http://www.ubuntu.com/usn/USN-2795-1 USN-2798-1 http://www.ubuntu.com/usn/USN-2798-1 USN-2799-1 http://www.ubuntu.com/usn/USN-2799-1 [oss-security] 20150922 Vulnerability in WhiteHEAT Linux Driver-CVE-2015-5257 http://www.openwall.com/lists/oss-security/2015/09/23/1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 https://bugzilla.redhat.com/show_bug.cgi?id=1265607 https://github.com/torvalds/linux/commit/cbb4be652d374f64661137756b8f357a1827d6a4 Common Vulnerability Exposure (CVE) ID: CVE-2015-7613 BugTraq ID: 76977 http://www.securityfocus.com/bid/76977 Debian Security Information: DSA-3372 (Google Search) http://www.openwall.com/lists/oss-security/2015/10/01/8 RedHat Security Advisories: RHSA-2015:2636 http://rhn.redhat.com/errata/RHSA-2015-2636.html http://www.securitytracker.com/id/1034094 http://www.securitytracker.com/id/1034592 SuSE Security Announcement: SUSE-SU-2015:1727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html SuSE Security Announcement: SUSE-SU-2015:2084 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html SuSE Security Announcement: SUSE-SU-2015:2085 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html SuSE Security Announcement: SUSE-SU-2015:2086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html SuSE Security Announcement: SUSE-SU-2015:2087 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html SuSE Security Announcement: SUSE-SU-2015:2089 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html SuSE Security Announcement: SUSE-SU-2015:2090 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html SuSE Security Announcement: SUSE-SU-2015:2091 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html http://www.ubuntu.com/usn/USN-2761-1 http://www.ubuntu.com/usn/USN-2762-1 http://www.ubuntu.com/usn/USN-2763-1 http://www.ubuntu.com/usn/USN-2764-1 http://www.ubuntu.com/usn/USN-2765-1 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |