User login
Qlustar: Install and enjoy!

[QSA-0622151] Linux kernel vulnerabilities

Qlustar Security Advisory 0622151

June 22, 2015


Summary:

The system could crash or be made to run programs as an administrator.


Package(s)       : linux-image-ql-generic,
    qlustar-module-core-trusty-amd64-9.0.1,
    qlustar-module-core-wheezy-amd64-9.0.1
Qlustar releases : 9.0
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2015-4036, CVE-2015-3636, CVE-2015-3339,
     CVE-2015-1420

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem:

CVE-2015-4036

A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash).

CVE-2015-3636

Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system.

CVE-2015-3339

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-1420

It was discovered that the open_by_handle_at() system call reads the handle size from user memory a second time after validating it. A local user with the CAP_DAC_READ_SEARCH capability could use this flaw for privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Guide):

linux-image-ql-generic                     3.12.44-ql-generic-57
qlustar-module-core-trusty-amd64-9.0.1     9.0.1.5-b448f973
qlustar-module-core-wheezy-amd64-9.0.1     9.0.1.5-b448f973
glqxz9283 sfy39587stf02 mnesdcuix8
sfy39587stf03
sfy39587p08