Affects users of Debian GNU/Linux 8 "Jessie"

Oct 20, 2016 21:50 GMT

On October 19, 2016, Debian developer Salvatore Bonaccorso announced the availability of a new, important kernel update for the stable Debian GNU/Linux 8 "Jessie" series of operating systems.

The update promises to patch a total of four Linux kernel security vulnerabilities documented as CVE-2015-8956, CVE-2016-7042, CVE-2016-7425, and CVE-2016-5195, the last of which some of you know as the ancient "Dirty COW" bug that could have allowed a local attacker to run programs with system administrator (root) privileges.

"Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks," reads Debian Security Advisory DSA-3696-1. "Additionally this update fixes a regression introduced in DSA-3616-1 causing iptables performance issues (cf. Debian Bug #831014)."

Debian Jessie users urged to update their systems immediately

Apart from fixing the "Dirty COW" bug, the new Debian kernel patch also addresses an issue discovered in the Linux kernel's RFCOMM Bluetooth socket handling, which could have allowed an attacker to cause a denial of service (system crash) or access sensitive information.

Additionally, the kernel update patches an incorrect buffer allocation issue discovered by Ondrej Kozina in the Linux kernel's proc_keys_show() function, which allowed a local attacker to cause a denial of service (system crash), and a buffer overflow in the Linux kernel's arcmsr SCSI driver, which permitted a local attacker to cause a denial of service or execute arbitrary code. The arcmsr issue was discovered by Marco Grassi.

The Debian Project urged all users of the Debian GNU/Linux 8 "Jessie" operating system to update the kernel packages as soon as possible to version 3.16.36-1+deb8u2, which is now available in the stable repositories. For more information about this update, we recommend checking the CVEs above or visiting https://www.debian.org/security/.