[SECURITY] [DLA 2610-1] linux-4.19 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2610-1] linux-4.19 security update
From: Ben Hutchings <benh@debian.org>
Date: Tue, 30 Mar 2021 23:45:31 +0200
Message-id: <[🔎] YGOb+5OC6If3VHlQ@decadent.org.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2610-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
March 30, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : linux-4.19
Version        : 4.19.181-1~deb9u1
CVE ID         : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 
                 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 
                 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660
Debian Bug     : 983595

Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service, or information leaks.

CVE-2020-27170, CVE-2020-27171

    Piotr Krysiuk discovered flaws in the BPF subsystem's checks for
    information leaks through speculative execution.  A local user
    could use these to obtain sensitive information from kernel
    memory.

CVE-2021-3348

    ADlab of venustech discovered a race condition in the nbd block
    driver that can lead to a use-after-free.  A local user with
    access to an nbd block device could use this to cause a denial of
    service (crash or memory corruption) or possibly for privilege
    escalation.

CVE-2021-3428

    Wolfgang Frisch reported a potential integer overflow in the
    ext4 filesystem driver.  A user permitted to mount arbitrary
    filesystem images could use this to cause a denial of service
    (crash).

CVE-2021-26930 (XSA-365)

    Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan
    H. Schönherr discovered that the Xen block backend driver
    (xen-blkback) did not handle grant mapping errors correctly.  A
    malicious guest could exploit this bug to cause a denial of
    service (crash), or possibly an information leak or privilege
    escalation, within the domain running the backend, which is
    typically dom0.

CVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)

    Jan Beulich discovered that the Xen support code and various Xen
    backend drivers did not handle grant mapping errors correctly.  A
    malicious guest could exploit these bugs to cause a denial of
    service (crash) within the domain running the backend, which is
    typically dom0.

CVE-2021-27363

    Adam Nichols reported that the iSCSI initiator subsystem did not
    properly restrict access to transport handle attributes in sysfs.
    On a system acting as an iSCSI initiator, this is an information
    leak to local users and makes it easier to exploit CVE-2021-27364.

CVE-2021-27364

    Adam Nichols reported that the iSCSI initiator subsystem did not
    properly restrict access to its netlink management interface.  On
    a system acting as an iSCSI initiator, a local user could use
    these to cause a denial of service (disconnection of storage) or
    possibly for privilege escalation.

CVE-2021-27365

    Adam Nichols reported that the iSCSI initiator subsystem did not
    correctly limit the lengths of parameters or "passthrough PDUs"
    sent through its netlink management interface.  On a system acting
    as an iSCSI initiator, a local user could use these to leak the
    contents of kernel memory, to cause a denial of service (kernel
    memory corruption or crash), and probably for privilege
    escalation.

CVE-2021-28660

    It was discovered that the rtl8188eu WiFi driver did not correctly
    limit the length of SSIDs copied into scan results.  An attacker
    within WiFi range could use this to cause a denial of service
    (crash or memory corruption) or possibly to execute code on a
    vulnerable system.

For Debian 9 stretch, these problems have been fixed in version
4.19.181-1~deb9u1.  This update additionally fixes Debian bug
#983595, and includes many more bug fixes from stable updates
4.19.172-4.19.181 inclusive.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Ben Hutchings
[W]e found...that it wasn't as easy to get programs right as we had
thought. I realized that a large part of my life from then on was going
to be spent in finding mistakes in my own programs.
                                                 - Maurice Wilkes, 1949

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 2609-1] thunderbird security update
Next by Date: [SECURITY] [DLA 2611-1] ldb security update
Previous by thread: [SECURITY] [DLA 2609-1] thunderbird security update
Next by thread: [SECURITY] [DLA 2611-1] ldb security update
Index(es):
- Date
- Thread