
[QSA-0423151] Linux kernel vulnerabilities

Qlustar Security Advisory 0423151

April 23, 2015


Summary:

The system could crash or be made to run programs as an administrator.


Package(s)       : linux-image-ql-generic,
    qlustar-module-core-trusty-amd64-9.0.1,
    qlustar-module-core-wheezy-amd64-9.0.1,
    qlustar-module-core-precise-amd64-8.1.2,
    qlustar-module-core-wheezy-amd64-8.1.2
Qlustar releases : 9.0, 8.1
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2015-1593, CVE-2015-1465, CVE-2015-1421

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-1593

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64-bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism.

CVE-2015-1465

Marcelo Leitner discovered a flaw in how the Linux kernel handles packets routed to too many different destinations (dsts) too quickly. A remote attacker on the same subnet can exploit this flaw to cause a denial of service (system crash).

CVE-2015-1421

Sun Baoliang discovered a use-after-free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Guide):

linux-image-ql-generic                     3.12.40-ql-generic-52
qlustar-module-core-trusty-amd64-9.0.1     9.0.1.3-b448f967
qlustar-module-core-wheezy-amd64-9.0.1     9.0.1.3-b448f967
qlustar-module-core-precise-amd64-8.1.2    8.1.2.8-b440f968
qlustar-module-core-wheezy-amd64-8.1.2     8.1.2.8-b440f968