Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2016.439
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-439-1)
Summary:	The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-439-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-439-1 advisory. Vulnerability Insight: This update fixes the CVEs described below. CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation. CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. CVE-2016-2384 Andrey Konovalov found that a USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation. Additionally, it fixes some old security issues with no CVE ID: Several kernel APIs permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated. Finally, it fixes a regression in 2.6.32-48squeeze17 that would cause Samba to hang in some situations. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze20. This is *really* the final update to the linux-2.6 package for squeeze. For the oldstable distribution (wheezy), the kernel was not affected by the integer overflow issues and the remaining problems will be fixed in version 3.2.73-2+deb7u3. For the stable distribution (jessie), the kernel was not affected by the integer overflow issues or CVE-2016-0774, and the remaining problems will be fixed in version 3.16.7-ckt20-1+deb8u4. Affected Software/OS: 'linux-2.6' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8812 BugTraq ID: 83218 http://www.securityfocus.com/bid/83218 Debian Security Information: DSA-3503 (Google Search) http://www.debian.org/security/2016/dsa-3503 http://www.openwall.com/lists/oss-security/2016/02/11/1 RedHat Security Advisories: RHSA-2016:2574 http://rhn.redhat.com/errata/RHSA-2016-2574.html RedHat Security Advisories: RHSA-2016:2584 http://rhn.redhat.com/errata/RHSA-2016-2584.html SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html SuSE Security Announcement: SUSE-SU-2016:1019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html SuSE Security Announcement: SUSE-SU-2016:1031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html SuSE Security Announcement: SUSE-SU-2016:1032 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html SuSE Security Announcement: SUSE-SU-2016:1033 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html SuSE Security Announcement: SUSE-SU-2016:1034 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html SuSE Security Announcement: SUSE-SU-2016:1035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html SuSE Security Announcement: SUSE-SU-2016:1037 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html SuSE Security Announcement: SUSE-SU-2016:1038 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html SuSE Security Announcement: SUSE-SU-2016:1039 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html SuSE Security Announcement: SUSE-SU-2016:1040 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html SuSE Security Announcement: SUSE-SU-2016:1041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html SuSE Security Announcement: SUSE-SU-2016:1045 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html SuSE Security Announcement: SUSE-SU-2016:1046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html SuSE Security Announcement: SUSE-SU-2016:1764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2946-1 http://www.ubuntu.com/usn/USN-2946-2 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 http://www.ubuntu.com/usn/USN-2948-1 http://www.ubuntu.com/usn/USN-2948-2 http://www.ubuntu.com/usn/USN-2949-1 http://www.ubuntu.com/usn/USN-2967-1 http://www.ubuntu.com/usn/USN-2967-2 Common Vulnerability Exposure (CVE) ID: CVE-2016-0774 84126 http://www.securityfocus.com/bid/84126 DSA-3503 RHSA-2016:0494 http://rhn.redhat.com/errata/RHSA-2016-0494.html RHSA-2016:0617 http://rhn.redhat.com/errata/RHSA-2016-0617.html SUSE-SU-2016:1031 SUSE-SU-2016:1032 SUSE-SU-2016:1033 SUSE-SU-2016:1034 SUSE-SU-2016:1035 SUSE-SU-2016:1037 SUSE-SU-2016:1038 SUSE-SU-2016:1039 SUSE-SU-2016:1040 SUSE-SU-2016:1041 SUSE-SU-2016:1045 SUSE-SU-2016:1046 USN-2967-1 USN-2967-2 USN-2968-1 http://www.ubuntu.com/usn/USN-2968-1 USN-2968-2 http://www.ubuntu.com/usn/USN-2968-2 http://source.android.com/security/bulletin/2016-05-01.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://bugzilla.redhat.com/show_bug.cgi?id=1303961 https://security-tracker.debian.org/tracker/CVE-2016-0774 Common Vulnerability Exposure (CVE) ID: CVE-2016-2384 BugTraq ID: 83256 http://www.securityfocus.com/bid/83256 https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 http://www.openwall.com/lists/oss-security/2016/02/14/2 RedHat Security Advisories: RHSA-2017:0817 http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.securitytracker.com/id/1035072 http://www.ubuntu.com/usn/USN-2928-1 http://www.ubuntu.com/usn/USN-2928-2 http://www.ubuntu.com/usn/USN-2929-1 http://www.ubuntu.com/usn/USN-2929-2 http://www.ubuntu.com/usn/USN-2930-1 http://www.ubuntu.com/usn/USN-2930-2 http://www.ubuntu.com/usn/USN-2930-3 http://www.ubuntu.com/usn/USN-2931-1 http://www.ubuntu.com/usn/USN-2932-1
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.