#4012 closed task (fixed)
linux-4.8.14 (CVE-2016-7596 CVE-2016-9919 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806)
Reported by: | Douglas R. Reno | Owned by: | |
---|---|---|---|
Priority: | highest | Milestone: | 8.0 |
Component: | Book | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version.
Security update with some critical fixes.
http://seclists.org/oss-sec/2016/q4/644
CVE-2016-7596: Linux Kernel use-after-free in SCSI generic device interface
The linux kernel contains a bug where a fragmented IPv6 packet causes a panic after a timeout (seems to be roughly 60 seconds). This can be triggered remotely via the internet and results in a DoS (kernel panic).
http://seclists.org/oss-sec/2016/q4/640
http://seclists.org/oss-sec/2016/q4/641
CVE-2016-9919
CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE
Memory corruption.
http://seclists.org/oss-sec/2016/q4/573
http://seclists.org/oss-sec/2016/q4/574
Affects all kernels back to 3.5 series, with a different CVE being assigned all the way back to 2.6.x.
Use CVE-2016-9793. This affects, for example, 4.8.12. We might not completely understand the CVE implications of the "Note that before https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were vulnerable" comment within the b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 commit message. 82981930125abfd39d7c8378a9cfdf5e1be2002b is a commit from 2012. The 3.5 release has this, whereas the 3.4 release does not. For now, we are assigning CVE-2012-6704 to mean the analogous vulnerability involving SO_SNDBUF and SO_RCVBUF that affects "before 3.5" kernels.
CVE request: -- Linux kernel: ALSA: use-after-free in kill_fasync
http://seclists.org/oss-sec/2016/q4/575
http://seclists.org/oss-sec/2016/q4/576
CVE-2016-9794
CVE Request: -- Linux kernel: double free in netlink_dump
http://seclists.org/oss-sec/2016/q4/577
http://seclists.org/oss-sec/2016/q4/580
CVE-2016-9806
My personal advice is to put out an advisory to the list as soon as we are done updating this package, and make a change to the errata for both books. This is serious and is worse than Dirty CoW.
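The SO_{SND|RCV}BUFFORCE issue above comes down to an `int` socket-buffer size being doubled and compared as an unsigned value. The following is an added, constructed user-space model of the SO_SNDBUF and SO_SNDBUFFORCE paths of sock_setsockopt() in net/core/sock.c; it is not kernel code and not part of this ticket. It assumes values for SOCK_MIN_SNDBUF and sysctl_wmem_max, and models the fix from commit b98b0bc8 as the `val < 0` rejection plus the change of the max_t comparison from u32 to int. Run it with a negative or very large size to see the negative sk_sndbuf that the unfixed privileged path produces.

```c
#include <assert.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of net/core/sock.c SO_SNDBUF handling; not kernel code.
 * Both constants are assumed for the demo. */
#define SOCK_MIN_SNDBUF 2048u      /* assumed: small positive floor */
#define SYSCTL_WMEM_MAX 212992u    /* assumed: typical wmem_max default */

/* val * 2 with two's-complement wrap-around, which is how the kernel (built
 * with -fno-strict-overflow) effectively computes it.  Done via uint32_t so
 * the demo itself has no signed-overflow undefined behaviour. */
static int times_two_wrapping(int val)
{
    return (int)((uint32_t)val * 2u);
}

/* Tail shared by SO_SNDBUF and SO_SNDBUFFORCE before the fix:
 *   sk->sk_sndbuf = max_t(u32, val * 2, SOCK_MIN_SNDBUF);
 * sk_sndbuf is an int, so a u32 above INT_MAX lands as a negative size. */
static int set_sndbuf_u32(int val)
{
    uint32_t doubled = (uint32_t)times_two_wrapping(val);
    uint32_t chosen = doubled > SOCK_MIN_SNDBUF ? doubled : SOCK_MIN_SNDBUF;
    return (int)chosen;
}

/* Same tail after the fix: max_t(int, val * 2, SOCK_MIN_SNDBUF). */
static int set_sndbuf_int(int val)
{
    int doubled = times_two_wrapping(val);
    int min_floor = (int)SOCK_MIN_SNDBUF;
    return doubled > min_floor ? doubled : min_floor;
}

/* SO_SNDBUF on 3.5+ kernels: val = min_t(u32, val, sysctl_wmem_max).
 * The unsigned compare turns a negative val into a huge u32 and clamps it
 * to wmem_max, which is why the unprivileged path is safe since 2012. */
int so_sndbuf(int val)
{
    uint32_t v = (uint32_t)val;
    if (v > SYSCTL_WMEM_MAX)
        v = SYSCTL_WMEM_MAX;
    return set_sndbuf_u32((int)v);
}

/* SO_SNDBUFFORCE before the fix (CAP_NET_ADMIN only): no clamp at all, so a
 * negative or >= 0x40000000 val ends up as a negative sk_sndbuf. */
int so_sndbufforce_vulnerable(int val)
{
    return set_sndbuf_u32(val);
}

/* SO_SNDBUFFORCE after the fix: reject negatives, and compare as int so a
 * doubling that wraps past INT_MAX falls back to the floor. */
int so_sndbufforce_fixed(int val)
{
    if (val < 0)
        val = 0;
    return set_sndbuf_int(val);
}

int main(void)
{
    const int probes[] = { 4096, -1, INT_MIN + 1, 0x40000000 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int v = probes[i];
        printf("val=%11d  SO_SNDBUF=%11d  FORCE(vuln)=%11d  FORCE(fixed)=%11d\n",
               v, so_sndbuf(v), so_sndbufforce_vulnerable(v), so_sndbufforce_fixed(v));
    }
    return 0;
}
```

With val = -1 the unfixed privileged path stores -2 as the send-buffer size, and with val = 0x40000000 it stores INT_MIN; the fixed path returns the floor in both cases, and the unprivileged SO_SNDBUF path clamps to 2 * wmem_max either way.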
Change History (7)
comment:1 by , 8 years ago
comment:3 by , 8 years ago
From lwn.net:
"Greg Kroah-Hartman has announced the release of the 4.8.13 and 4.4.37 stable kernels. As usual, there are fixes throughout the tree and users of those kernel series should upgrade.
Note that the fix for the kernel code execution vulnerability using AF_PACKET sockets (also known as CVE-2016-8655) has not made it into these stable kernels. Those running systemd may want to check Lennart Poettering's blog post on how to mitigate the problem for services started by systemd."
From a comment, it IS fixed in 4.4.38 (and therefore also in 4.8.14).
comment:5 by , 8 years ago
Summary: | linux-4.8.13 (CVE-2016-7596 CVE-2016-9919 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806) → linux-4.8.14 (CVE-2016-7596 CVE-2016-9919 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806) |
---|
And it wasn't long. 4.8.14 has been released. I'll get it in the book in a few hours.
Is this the same issue as the fix at https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 (commit b98b0bc) or a different one?
I'm asking because the changes to net/core/sock.c in patch-4.8.13 (i.e. everything since 4.8.0) seem to be quite different.