====================================================================

                                 CERT-Renater

                      Note d'Information No. 2016/VULN030
_____________________________________________________________________

DATE                : 20/01/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Linux,
                      Debian versions prior to 3.16.7-ckt20-1+deb8u3.

======================================================================
http://www.debian.org/security/2016/dsa-3448
_____________________________________________________________________

- - 
-------------------------------------------------------------------------
Debian Security Advisory DSA-3448-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 19, 2016                      https://www.debian.org/security/faq
- - 
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2016-0723
                  CVE-2016-0728

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation or denial-of-service.

CVE-2013-4312

     Tetsuo Handa discovered that it is possible for a process to open
     far more files than the process' limit leading to denial-of-service
     conditions.

CVE-2015-7566

     Ralf Spenneberg of OpenSource Security reported that the visor
     driver crashes when a specially crafted USB device without bulk-out
     endpoint is detected.

CVE-2015-8767

     An SCTP denial-of-service was discovered which can be triggered by a
     local attacker during a heartbeat timeout event after the 4-way
     handshake.

CVE-2016-0723

     A use-after-free vulnerability was discovered in the TIOCGETD ioctl.
     A local attacker could use this flaw for denial-of-service.

CVE-2016-0728

     The Perception Point research team discovered a use-after-free
     vulnerability in the keyring facility, possibly leading to local
     privilege escalation.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt20-1+deb8u3.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================