Just released, including security updates.
9.3.2-20171224
Updates in 1 source package(s), 2 binary package(s):
Source linux, binaries: linux-image-4.9.0-4-amd64:amd64 linux-image-4.9.0-4-arm64:arm64
linux (4.9.65-3+deb9u1) stretch-security; urgency=high

  * dccp: CVE-2017-8824: use-after-free in DCCP code
  * media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
    (CVE-2017-16538)
  * media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    (CVE-2017-16538)
  * media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
  * bpf/verifier: Fix multiple security issues:
    - adjust insn_aux_data when patching insns
    - fix branch pruning logic
    - reject out-of-bounds stack pointer calculation
    - fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
    - Fix states_equal() comparison of pointer and UNKNOWN
  * netfilter: nfnetlink_cthelper: Add missing permission checks
    (CVE-2017-17448)
  * netlink: Add netns check on taps (CVE-2017-17449)
  * netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
  * USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
  * net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
  * [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
    (CVE-2017-17741)
  * crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
  * crypto: hmac - require that the underlying hash algorithm is unkeyed
    (CVE-2017-17806)
  * KEYS: add missing permission check for request_key() destination
    (CVE-2017-17807)
  * [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
    (CVE-2017-1000407)
  * bluetooth: Prevent stack info leak from the EFS element.
    (CVE-2017-1000410)

https://cloud.debian.org/images/openstack/current-9/
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"We're the technical experts. We were hired so that management could
ignore our recommendations and tell us how to do our jobs." -- Mike Andrews