The Debian developers have announced that new kernel updates are now available for their Debian GNU/Linux 7.9 (Wheezy), Debian GNU/Linux 8.2 (Jessie), and Debian GNU/Linux Unstable (Sid) operating systems.
There are four critical kernel vulnerabilities (CVE-2015-2925, CVE-2015-5257, CVE-2015-5283, and CVE-2015-7613) that have been addressed in this update. The new kernel packages are 4.2.3-1 for Sid, 3.16.7-ckt11-1+deb8u5 for Jessie, and 3.2.68-1+deb7u5 for Wheezy.
All the Debian GNU/Linux operating systems that are part of the branches mentioned above are vulnerable, which means that users are urged to update their Debian-based machines as soon as possible using the built-in package management utilities.
“Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification,” said the Debian developers in the DSA-3372-1 security advisory.
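An added example, not from Debian or the original article: a Python check that reads the kernel package version out of a `uname -v` string and compares it with the fixed versions listed above, using a port of dpkg's version-ordering rules. The function names and the sample `uname -v` strings are constructed for illustration; on a Debian host, `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed kernel package versions named in the article (DSA-3372-1).
FIXED = {"wheezy": "3.2.68-1+deb7u5", "jessie": "3.16.7-ckt11-1+deb8u5",
         "sid": "4.2.3-1"}

def _order(c):
    # dpkg weight of a non-digit char: '~' < end of string < letters < symbols
    if c in ("", "~"):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings with dpkg's ordering."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        if int(da or 0) != int(db or 0):      # numeric, so ckt9 < ckt11
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def at_or_above_fixed(uname_v, release):
    """True if the Debian kernel in a `uname -v` string is >= the fixed version."""
    m = re.search(r"Debian (\S+)", uname_v)
    if m is None:
        raise ValueError("no Debian package version in uname -v output")
    return compare(m.group(1), FIXED[release]) >= 0

# Constructed sample `uname -v` strings (not captured from real hosts).
SAMPLE_OLD = "#1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04)"
SAMPLE_NEW = "#1 SMP Debian 3.16.7-ckt11-1+deb8u5 (2015-10-09)"
```

Installing the updated package does not replace the kernel that is already running, so a check against `uname -v` only reports the fixed version after a reboot.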
What has been fixed
The first security flaw was discovered by Jann Horn in the Linux kernel packages of Debian GNU/Linux 7 Wheezy. It could allow a privileged user with write permissions to access the entire file system when a subdirectory of the respective file system was bind-mounted into a mount namespace or chroot. This is fixed for Debian GNU/Linux 8 Jessie systems.
The second kernel vulnerability was discovered by Moein Ghasemzadeh from the Istuary Innovation Labs in the Linux kernel’s USB drivers: an attacker could use a USB device that imitates a Whiteheat USB serial device to crash the system, causing a denial of service (DoS).
The third one was discovered by Marcelo Ricardo Leitner in Debian GNU/Linux 8 Jessie’s Linux kernel SCTP support. It could allow an attacker to crash the system, causing a denial of service, by creating multiple SCTP sockets.
Lastly, the fourth kernel vulnerability was discovered by Dmitry Vyukov in the Linux kernel’s System V IPC implementation. It could allow a local user to gain root access, cause a denial of service, or access or modify unauthorized information. This was possible because System V IPC objects were made accessible before their ownership and several other attributes had been initialized.