Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#4012 closed task (fixed)

linux-4.8.14 (CVE-2016-7596 CVE-2016-9919 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806)

Reported by: Douglas R. Reno Owned by: lfs-book@…
Priority: highest Milestone: 8.0
Component: Book Version: SVN
Severity: normal Keywords:


New minor version.

Security update with some critical fixes.

CVE-2016-7596: Linux Kernel use-after-free in SCSI generic device interface

The linux kernel contains a bug where a fragmented IPv6 packet causes a panic after a timeout (seems to be roughly 60 seconds). This can be triggered remotely via the internet and results in a DoS (kernel panic).


CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE

Memory corruption.

Affects all kernels back to 3.5 series, with a different CVE being assigned all the way back to 2.6.x.

Use CVE-2016-9793. This affects, for example, 4.8.12.

We might not completely understand the CVE implications of the "Note that before the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were vulnerable" comment within the b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 commit message. 82981930125abfd39d7c8378a9cfdf5e1be2002b is a commit from 2012. The 3.5 release has this, whereas the 3.4 release does not.

For now, we are assigning CVE-2012-6704 to mean the analogous
vulnerability involving SO_SNDBUF and SO_RCVBUF that affects "before
3.5" kernels.

CVE request: -- Linux kernel: ALSA: use-after-free in kill_fasync

CVE Request: -- Linux kernel: double free in netlink_dump

My personal advice is to put out an advisory to the list as soon as we are done updating this package, and make a change to the errata for both books. This is serious and is worse than Dirty CoW.

Change History (7)

comment:1 by ken@…, 7 years ago

Is this the same issue as the fix at (commit b98b0bc) or a different one?

I'm asking because the changes to net/core/sock.c in patch-4.8.13 (i.e. everything since 4.8.0) seem to be quite different.

comment:2 by Douglas R. Reno, 7 years ago

As far as I know, it is the same issue as the fix at that page.

comment:3 by ken@…, 7 years ago

"Greg Kroah-Hartman has announced the release of the 4.8.13 and 4.4.37 stable kernels. As usual, there are fixes throughout the tree and users of those kernel series should upgrade.

Note that the fix for the kernel code execution vulnerability using AF_PACKET sockets (also known as CVE-2016-8655) has not made it into these stable kernels. Those running systemd may want to check Lennart Poettering's blog post on how to mitigate the problem for services started by systemd."

From a comment, it IS fixed in 4.4.38 (and therefore also in 4.8.14).

comment:4 by bdubbs@…, 7 years ago

I intend to wait for 4.8.14. It shouldn't be long.

comment:5 by bdubbs@…, 7 years ago

Summary: linux-4.8.13 (CVE-2016-7596 CVE-2016-9919 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806) → linux-4.8.14 (CVE-2016-7596 CVE-2016-9919 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806)

And it wasn't long. 4.8.14 has been released. I'll get it in the book in a few hours.

comment:6 by bdubbs@…, 7 years ago

Resolution: fixed
Status: new → closed

Fixed at revision 11152.

comment:7 by bdubbs@…, 7 years ago

Milestone: 7.11 → 8.0

Milestone renamed