Package        : linux
Version        : 3.2.88-1
CVE ID         : CVE-2016-2188 CVE-2016-9604 CVE-2016-10200 CVE-2017-2647 
                 CVE-2017-2671 CVE-2017-5967 CVE-2017-5970 CVE-2017-6951 
                 CVE-2017-7184 CVE-2017-7261 CVE-2017-7273 CVE-2017-7294 
                 CVE-2017-7308 CVE-2017-7472 CVE-2017-7616 CVE-2017-7618

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

CVE-2016-2188

    Ralf Spenneberg of OpenSource Security reported that the iowarrior
    device driver did not sufficiently validate USB descriptors.  This
    allowed a physically present user with a specially designed USB
    device to cause a denial of service (crash).

CVE-2016-9604

    It was discovered that the keyring subsystem allowed a process to
    set a special internal keyring as its session keyring.  The
    security impact in this version of the kernel is unknown.

CVE-2016-10200

    Baozeng Ding and Andrey Konovalov reported a race condition in the
    L2TP implementation which could corrupt its table of bound
    sockets.  A local user could use this to cause a denial of service
    (crash) or possibly for privilege escalation.

CVE-2017-2647 / CVE-2017-6951

    idl3r reported that the keyring subsystem would allow a process
    to search for 'dead' keys, causing a null pointer dereference.
    A local user could use this to cause a denial of service (crash).

CVE-2017-2671

    Daniel Jiang discovered a race condition in the ping socket
    implementation.  A local user with access to ping sockets could
    use this to cause a denial of service (crash) or possibly for
    privilege escalation.  This feature is not accessible to any
    users by default.

CVE-2017-5967

    Xing Gao reported that the /proc/timer_list file showed
    information about all processes, not considering PID namespaces.
    If timer debugging was enabled by a privileged user, this leaked
    information to processes contained in PID namespaces.

CVE-2017-5970

    Andrey Konovalov discovered a denial-of-service flaw in the IPv4
    networking code. This can be triggered by a local or remote
    attacker if a local UDP or raw socket has the IP_RETOPTS option
    enabled.

CVE-2017-7184

    Chaitin Security Research Lab discovered that the net xfrm
    subsystem did not sufficiently validate replay state parameters,
    allowing a heap buffer overflow.  This can be used by a local user
    with the CAP_NET_ADMIN capability for privilege escalation.

CVE-2017-7261

    Vladis Dronov and Murray McAllister reported that the vmwgfx
    driver did not sufficiently validate rendering surface parameters.
    In a VMware guest, this can be used by a local user to cause a
    denial of service (crash).

CVE-2017-7273

    Benoit Camredon reported that the hid-cypress driver did not
    sufficiently validate HID reports.  This possibly allowed a
    physically present user with a specially designed USB device to
    cause a denial of service (crash).

CVE-2017-7294

    Li Qiang reported that the vmwgfx driver did not sufficiently
    validate rendering surface parameters.  In a VMware guest, this
    can be used by a local user to cause a denial of service (crash)
    or possibly for privilege escalation.

CVE-2017-7308

    Andrey Konovalov reported that the packet socket (AF_PACKET)
    implementation did not sufficiently validate buffer parameters.
    This can be used by a local user with the CAP_NET_RAW capability
    for privilege escalation.

CVE-2017-7472

    Eric Biggers reported that the keyring subsystem allowed a thread
    to create new thread keyrings repeatedly, causing a memory leak.
    This can be used by a local user to cause a denial of service
    (memory exhaustion).

CVE-2017-7616

    Chris Salls reported an information leak in the 32-bit big-endian
    compatibility implementations of set_mempolicy() and mbind().
    This does not affect any architecture supported in Debian 7 LTS.

CVE-2017-7618

    Sabrina Dubroca reported that the cryptographic hash subsystem
    does not correctly handle submission of unaligned data to a
    device that is already busy, resulting in infinite recursion.
    On some systems this can be used by local users to cause a
    denial of service (crash).

For Debian 7 "Wheezy", these problems have been fixed in version
3.2.88-1.  This version also includes bug fixes from upstream version
3.2.88, and fixes some older security issues in the keyring, packet
socket and cryptographic hash subsystems that do not have CVE IDs.

For Debian 8 "Jessie", most of these problems have been fixed in
version 3.16.43-1 which will be part of the next point release.

We recommend that you upgrade your linux packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams