주의: 이 번역은 원문보다 오래되었습니다.

데비안 보안 권고

DSA-4531-1 linux -- 보안 업데이트

보고일:
2019년 09월 25일
영향 받는 패키지:
linux
위험성:
보안 데이터베이스 참조:
Mitre의 CVE 사전: CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902.
추가 정보:

여러 취약점이 리눅스 커널에서 발견되어 권한 상승, 서비스 거부 또는 정보 유출을 일으킬 수 있습니다.

  • CVE-2019-14821

    Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local attacker permitted to access /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.

  • CVE-2019-14835

    Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. An attacker in control of a VM could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation on the host.

  • CVE-2019-15117

    Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. An attacker able to add USB devices could possibly use this to cause a denial of service (crash).

  • CVE-2019-15118

    Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash.

  • CVE-2019-15902

    Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function.

For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1.

For the stable distribution 안정배포(buster)에서, 이 문제를 버전 4.19.67-2+deb10u1에서 수정했습니다.

linux 패키지를 업그레이드 하는 게 좋습니다.

linux의 자세한 보안 상태는 보안 추적 페이지를 참조하십시오: https://security-tracker.debian.org/tracker/linux