Hi, have you seen this?
http://thehackernews.com/2017/02/linux- ... -root.html
It seems an old kernel vulnerability has been found. I would like to ask: how can I know when the patched kernel update arrives?
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[Solved] Kernel vulnerability (CVE-2017-6074)
-
- Posts: 8
- Joined: 2017-02-12 14:15
[Solved] Kernel vulnerability (CVE-2017-6074)
Last edited by Lemongrass on 2017-02-23 19:50, edited 1 time in total.
Debian 8.7.1 Jessie Xfce
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Kernel vulnerability (CVE-2017-6074)
https://git.kernel.org/cgit/linux/kerne ... 99d9798ba4The vulnerability has already been patched in the mainline kernel. So, if you are an advanced Linux user, apply the patch and rebuild kernel yourself.
OR, you can wait for the next kernel update from your distro provider and apply it as soon as possible.
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
- sunrat
- Administrator
- Posts: 6412
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 116 times
- Been thanked: 462 times
Re: Kernel vulnerability (CVE-2017-6074)
How about today for the security fix?
If you want quick security alerts, subscribe to debian-security-announce@lists.debian.org- -------------------------------------------------------------------------
Debian Security Advisory DSA-3791-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 22, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
CVE-2017-6001 CVE-2017-6074
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.
...
CVE-2017-6074
Andrey Konovalov discovered a use-after-free vulnerability in the
DCCP networking code, which could result in denial of service or
local privilege escalation. On systems that do not already have
the dccp module loaded, this can be mitigated by disabling it:
echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u1.
We recommend that you upgrade your linux packages.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Kernel vulnerability (CVE-2017-6074)
It's already been added to the patchset for the 4.9-12 Liquorix kernel. Looks like we have to add it to the older bpo 4.2 and 4.7 kernels we use for the 64-bit MX 15 and MX 16 Linux releases.
MX Linux packager and developer
- None1975
- df -h | participant
- Posts: 1389
- Joined: 2015-11-29 18:23
- Location: Russia, Kaliningrad
- Has thanked: 45 times
- Been thanked: 66 times
Re: Kernel vulnerability (CVE-2017-6074)
It already been added to the patchset for the Debian 3.16.39-1.
And from the Debian Security Advisory DSA-3791-1
Code: Select all
uname -a
Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 GNU/Linux
Package : linux
CVE ID : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191
CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618
CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970
CVE-2017-6001 CVE-2017-6074
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.
CVE-2016-6786 / CVE-2016-6787
It was discovered that the performance events subsystem does not
properly manage locks during certain migrations, allowing a local
attacker to escalate privileges. This can be mitigated by
disabling unprivileged use of performance events:
sysctl kernel.perf_event_paranoid=3
CVE-2016-8405
Peter Pi of Trend Micro discovered that the frame buffer video
subsystem does not properly check bounds while copying color maps to
userspace, causing a heap buffer out-of-bounds read, leading to
information disclosure.
CVE-2016-9191
CAI Qian discovered that reference counting is not properly handled
within proc_sys_readdir in the sysctl implementation, allowing a
local denial of service (system hang) or possibly privilege
escalation.
CVE-2017-2583
Xiaohan Zhang reported that KVM for amd64 does not correctly
emulate loading of a null stack selector. This can be used by a
user in a guest VM for denial of service (on an Intel CPU) or to
escalate privileges within the VM (on an AMD CPU).
CVE-2017-2584
Dmitry Vyukov reported that KVM for x86 does not correctly emulate
memory access by the SGDT and SIDT instructions, which can result
in a use-after-free and information leak.
CVE-2017-2596
Dmitry Vyukov reported that KVM leaks page references when
emulating a VMON for a nested hypervisor. This can be used by a
privileged user in a guest VM for denial of service or possibly
to gain privileges in the host.
CVE-2017-2618
It was discovered that an off-by-one in the handling of SELinux
attributes in /proc/pid/attr could result in local denial of
service.
CVE-2017-5549
It was discovered that the KLSI KL5KUSB105 serial USB device
driver could log the contents of uninitialised kernel memory,
resulting in an information leak.
CVE-2017-5551
Jan Kara found that changing the POSIX ACL of a file on tmpfs never
cleared its set-group-ID flag, which should be done if the user
changing it is not a member of the group-owner. In some cases, this
would allow the user-owner of an executable to gain the privileges
of the group-owner.
CVE-2017-5897
Andrey Konovalov discovered an out-of-bounds read flaw in the
ip6gre_err function in the IPv6 networking code.
CVE-2017-5970
Andrey Konovalov discovered a denial-of-service flaw in the IPv4
networking code. This can be triggered by a local or remote
attacker if a local UDP or raw socket has the IP_RETOPTS option
enabled.
CVE-2017-6001
Di Shen discovered a race condition between concurrent calls to
the performance events subsystem, allowing a local attacker to
escalate privileges. This flaw exists because of an incomplete fix
of CVE-2016-6786. This can be mitigated by disabling unprivileged
use of performance events: sysctl kernel.perf_event_paranoid=3
CVE-2017-6074
Andrey Konovalov discovered a use-after-free vulnerability in the
DCCP networking code, which could result in denial of service or
local privilege escalation. On systems that do not already have
the dccp module loaded, this can be mitigated by disabling it:
echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
For the stable distribution (jessie), these problems have been fixed in
version 3.16.39-1+deb8u1.
We recommend that you upgrade your linux packages.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github
Debian Wiki | DontBreakDebian, My config files on github
-
- Posts: 8
- Joined: 2017-02-12 14:15
Re: [Solved] Kernel vulnerability (CVE-2017-6074)
Thank you really much guys for your help. I updated my kernel. I was just wasn't sure whether I get a regular update or do I have to install it manually.
I'm sorry for asking this too quickly... Next time I'll do more searching about the topic and not waste your time.
Thank you all! I'll subscribe to the Debian security mailing list.
I'm sorry for asking this too quickly... Next time I'll do more searching about the topic and not waste your time.
Thank you all! I'll subscribe to the Debian security mailing list.
Debian 8.7.1 Jessie Xfce