Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-7841 Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference. CVE-2014-8369 A flaw was discovered in the way iommu mapping failures were handled in the kvm_iommu_map_pages() function in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. CVE-2014-8884 A stack-based buffer overflow flaw was discovered in the TechnoTrend/Hauppauge DEC USB driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges. CVE-2014-9090 Andy Lutomirski discovered that the do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic).

For the stable distribution (wheezy), these problems have been fixed in version 3.2.63-2+deb7u2. This update also includes fixes for regressions introduced by previous updates. For the unstable distribution (sid), these problems will be fixed soon in version 3.16.7-ckt2-1. We recommend that you upgrade your linux packages.

The Linux kernel is the core of the Linux operating system.

linux on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-3093.html

---

Updated on 2015-03-25