[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2557-1] linux-4.19 security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-2557-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
February 12, 2021                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : linux-4.19
Version        : 4.19.171-2~deb9u1
CVE ID         : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 
                 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 
                 CVE-2020-36158 CVE-2021-3347 CVE-2021-20177
Debian Bug     : 970736 972345 977048 977615

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2020-27815

    A flaw was reported in the JFS filesystem code allowing a local
    attacker with the ability to set extended attributes to cause a
    denial of service.

CVE-2020-27825

    Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace
    ring buffer resizing logic due to a race condition, which could
    result in denial of service or information leak.

CVE-2020-27830

    Shisong Qin reported a NULL pointer dereference flaw in the Speakup
    screen reader core driver.

CVE-2020-28374

    David Disseldorp discovered that the LIO SCSI target implementation
    performed insufficient checking in certain XCOPY requests. An
    attacker with access to a LUN and knowledge of Unit Serial Number
    assignments can take advantage of this flaw to read and write to any
    LIO backstore, regardless of the SCSI transport settings.

CVE-2020-29568 (XSA-349)

    Michael Kurth and Pawel Wieczorkiewicz reported that frontends can
    trigger OOM in backends by updating a watched path.

CVE-2020-29569 (XSA-350)

    Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free
    flaw which can be triggered by a block frontend in Linux blkback. A
    misbehaving guest can trigger a dom0 crash by continuously
    connecting / disconnecting a block frontend.

CVE-2020-29660

    Jann Horn reported a locking inconsistency issue in the tty
    subsystem which may allow a local attacker to mount a
    read-after-free attack against TIOCGSID.

CVE-2020-29661

    Jann Horn reported a locking issue in the tty subsystem which can
    result in a use-after-free. A local attacker can take advantage of
    this flaw for memory corruption or privilege escalation.

CVE-2020-36158

    A buffer overflow flaw was discovered in the mwifiex WiFi driver
    which could result in denial of service or the execution of
    arbitrary code via a long SSID value.

CVE-2021-3347

    It was discovered that PI futexes have a kernel stack use-after-free
    during fault handling. An unprivileged user could use this flaw to
    crash the kernel (resulting in denial of service) or for privilege
    escalation.

CVE-2021-20177

    A flaw was discovered in the Linux implementation of string matching
    within a packet. A privileged user (with root or CAP_NET_ADMIN) can
    take advantage of this flaw to cause a kernel panic when inserting
    iptables rules.

For Debian 9 stretch, these problems have been fixed in version
4.19.171-2~deb9u1.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.

Attachment: signature.asc
Description: PGP signature


Reply to: