Malware Devil

Loading...

Thursday, August 13, 2020

ESB-2020.2798 – [Debian] linux-4.19: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2798
                          linux-4.19 new package
                              13 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux-4.19
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Access Privileged Data          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15393 CVE-2020-13974 CVE-2020-12771
                   CVE-2020-12655 CVE-2020-10768 CVE-2020-10767
                   CVE-2020-10766 CVE-2020-1277 CVE-2020-1076
                   CVE-2019-20810 CVE-2019-18885 CVE-2019-18814
                   CVE-2018-3639 CVE-2017-5715 

Reference:         ESB-2020.2739

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
   https://lists.debian.org/debian-lts-announce/2020/08/msg00020.html

Comment: This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2323-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                    
August 12, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : linux-4.19
Version        : 4.19.132-1~deb9u1
CVE ID         : CVE-2019-18814 CVE-2019-18885 CVE-2019-20810 CVE-2020-10766
                 CVE-2020-10767 CVE-2020-10768 CVE-2020-12655 CVE-2020-12771
                 CVE-2020-13974 CVE-2020-15393
Debian Bug     : 958300 960493 962254 963493 964153 964480 965365

Linux 4.19 has been packaged for Debian 9 as linux-4.19.  This
provides a supported upgrade path for systems that currently use
kernel packages from the "stretch-backports" suite.

There is no need to upgrade systems using Linux 4.9, as that kernel
version will also continue to be supported in the LTS period.

This backport does not include the following binary packages:

    hyperv-daemons libbpf-dev libbpf4.19 libcpupower-dev libcpupower1
    liblockdep-dev liblockdep4.19 linux-compiler-gcc-6-arm
    linux-compiler-gcc-6-x86 linux-cpupower linux-libc-dev lockdep
    usbip

Older versions of most of those are built from the linux source
package in Debian 9.

The kernel images and modules will not be signed for use on systems
with Secure Boot enabled, as there is no support for this in Debian 9.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or information leak.

CVE-2019-18814

    Navid Emamdoost reported a potential use-after-free in the
    AppArmor security module, in the case that audit rule
    initialisation fails.  The security impact of this is unclear.

CVE-2019-18885

    The 'bobfuzzer' team discovered that crafted Btrfs volumes could
    trigger a crash (oops).  An attacker able to mount such a volume
    could use this to cause a denial of service.

CVE-2019-20810

    A potential memory leak was discovered in the go7007 media driver.
    The security impact of this is unclear.

CVE-2020-10766

    Anthony Steinhauser reported a flaw in the mitigation for
    Speculative Store Bypass (CVE-2018-3639) on x86 CPUs.  A local
    user could use this to temporarily disable SSB mitigation in other
    users' tasks.  If those other tasks run sandboxed code, this would
    allow that code to read sensitive information in the same process
    but outside the sandbox.

CVE-2020-10767

    Anthony Steinhauser reported a flaw in the mitigation for Spectre
    variant 2 (CVE-2017-5715) on x86 CPUs.  Depending on which other
    mitigations the CPU supports, the kernel might not use IBPB to
    mitigate Spectre variant 2 in user-space.  A local user could use
    this to read sensitive information from other users' processes.

CVE-2020-10768

    Anthony Steinhauser reported a flaw in the mitigation for Spectre
    variant 2 (CVE-2017-5715) on x86 CPUs.  After a task force-
    disabled indirect branch speculation through prctl(), it could
    still re-enable it later, so it was not possible to override a
    program that explicitly enabled it.

CVE-2020-12655

    Zheng Bin reported that crafted XFS volumes could trigger a system
    hang.  An attacker able to mount such a volume could use this to
    cause a denial of service.

CVE-2020-12771

    Zhiqiang Liu reported a bug in the bcache block driver that could
    lead to a system hang.  The security impact of this is unclear.

CVE-2020-13974

    Kyungtae Kim reported a potential integer overflow in the vt
    (virtual terminal) driver.  The security impact of this is
    unclear.

CVE-2020-15393

    Kyungtae Kim reported a memory leak in the usbtest driver.  The
    security impact of this is unclear.

For Debian 9 "Stretch", these problems have been fixed in version
4.19.132-1~deb9u1.  This update additionally fixes Debian bugs
#958300, #960493, #962254, #963493, #964153, #964480, and #965365; and
includes many more bug fixes from stable updates 4.19.119-4.19.132
inclusive.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

- ------------------------------------------------------------------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2324-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                     
August 12, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : linux-latest-4.19
Version        : 105+deb10u5~deb9u1

Linux 4.19 has been packaged for Debian 9 as linux-4.19.  This
provides a supported upgrade path for systems that currently use
kernel packages from the "stretch-backports" suite.

However, "apt full-upgrade" will *not* automatically install the
updated kernel packages.  You should explicitly install one of the
following metapackages first, as appropriate for your system:

    linux-image-4.19-686
    linux-image-4.19-686-pae
    linux-image-4.19-amd64
    linux-image-4.19-arm64
    linux-image-4.19-armmp
    linux-image-4.19-armmp-lpae
    linux-image-4.19-cloud-amd64
    linux-image-4.19-marvell
    linux-image-4.19-rpi
    linux-image-4.19-rt-686-pae
    linux-image-4.19-rt-amd64
    linux-image-4.19-rt-arm64
    linux-image-4.19-rt-armmp

For example, if the command "uname -r" currently shows
"4.19.0-0.bpo.9-amd64", you should install linux-image-4.19-amd64.

There is no need to upgrade systems using Linux 4.9, as that kernel
version will also continue to be supported in the LTS period.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXzTP2uNLKJtyKPYoAQgqgA//VUGq+acIxdPEswf48uGEAsq3zNV2wtu9
DOmIpgnmQbYLLGtbUzbcZOiy8rdIsI/7+VQDwxfNnacJ+1hdivBJGy6slQC89MfV
5KjFCnkoDBxsdhS2ARSGdkeB61KZQ0GHqIrVsXCnQe9tJLpRwagIAosi94do/Sqz
FoiMZPnqSQFFAfXvWGhl205RCHoIpz1pWEKWaxVNQfR/9PdVPed3InXXUhE60NV2
ijUDrA3byEBiWZWYc0zUFeR6Zp6pfKzRlUUqXUikSUbYpTf4+5V7kqdVZ4jOWQhk
BsX02B/66A8eLk7pHzkc61lEt+qt2pgqVi4j/aAQIip2vMPiYM0wqLFX3zsnIDeL
5X4PQfWahS/Onr6p3Dhjs3ZQaz+1jsxKMK9Erh0SMa3gKh1R2XqrLMgDEplINa6P
snHfEkg6P/WoTzhHWjp11kWnW2NRqy3QAaaM9IEHrClpy0kZh3pgg9w0ufGKav/q
3dI1C/jDFUjtpYuDDRBilNfVhvWU+hW6KWOVjEcF+g05j1g7sm0BumN8Vor2QPE0
LtxzxcCM4C1NAJr765zREEnRLFDcplfhglk/iQClVqH6ygkpYb0HNZwVz3dL/tl0
/W5daln0gomIKk8m65a4PCGIpSje4VE5N8771Pef6vfCpBbTKf0sHuyNQglErNS4
CdF5fuLWkNI=
=+pat
-----END PGP SIGNATURE-----

Read More



https://www.malwaredevil.com/2020/08/13/esb-2020-2798-debian-linux-4-19-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2798-debian-linux-4-19-multiple-vulnerabilities
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...