Changelog
linux (3.16.51-3+deb8u1) jessie-security; urgency=high
* dccp: CVE-2017-8824: use-after-free in DCCP code
* Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with
l2cap socket
* Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with
l2cap socket (CVE-2017-15868)
* media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(CVE-2017-16538)
* media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(CVE-2017-16538)
* ipsec: Fix aborted xfrm policy dump crash (CVE-2017-16939)
* netfilter: nfnetlink_cthelper: Add missing permission checks
(CVE-2017-17448)
* netlink: Add netns check on taps (CVE-2017-17449)
* netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
* USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
* [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
(CVE-2017-17741)
* crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
* crypto: hmac - require that the underlying hash algorithm is unkeyed
(CVE-2017-17806)
* KEYS: add missing permission check for request_key() destination
(CVE-2017-17807)
* [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
* bluetooth: Prevent stack info leak from the EFS element.
(CVE-2017-1000410)
* Bump ABI to 5 and apply deferred stable changes:
- Input: i8042 - break load dependency between atkbd/psmouse and i8042
- Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
- ACPICA: Utilities: split IO address types from data type models.
- [arm64] Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
- block: fix bdi vs gendisk lifetime mismatch
- cgroup: make sure a parent css isn't offlined before its children
- libata: Align ata_device's id on a cacheline
- libata: Ignore spurious PHY event on LPM policy change
- net/ipv6: add sysctl option accept_ra_min_hop_limit
- quota: Store maximum space limit in bytes
- quota: Switch ->get_dqblk() and ->set_dqblk() to use bytes as space units
- [s390*] Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
- scsi: scsi_error: count medium access timeout only once per EH run
- [x86] panic: replace smp_send_stop() with kdump friendly version in panic
path
* [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
(CVE-2017-5754)
-- Ben Hutchings <email address hidden> Mon, 08 Jan 2018 22:13:59 +0000