Security Information / 2018 / Security Information -- DSA-4266-1 linux

Debian Security Advisory

DSA-4266-1 linux -- security update

Date Reported:

06 Aug 2018

Affected Packages:

linux

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2018-5390, CVE-2018-13405.

More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

• CVE-2018-5390

  Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets leading to remote denial of service.

• CVE-2018-13405

  Jann Horn discovered that the inode_init_owner function in fs/inode.c in the Linux kernel allows local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID.

For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u1. This update includes fixes for several regressions in the latest point release.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux