[SECURITY] [DLA 3102-1] linux-5.10 new package

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3102-1] linux-5.10 new package
From: Ben Hutchings <benh@debian.org>
Date: Sun, 11 Sep 2022 21:35:03 +0200
Message-id: <[🔎] Yx44Z6t+rr46Uvuy@decadent.org.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3102-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
September 11, 2022                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : linux-5.10
Version        : 5.10.136-1~deb10u3
CVE ID         : CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373
                 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946

Linux 5.10 has been packaged for Debian 10 as linux-5.10.  This
provides a supported upgrade path for systems that currently use
kernel packages from the "buster-backports" suite.

There is no need to upgrade systems using Linux 4.19, as that kernel
version will also continue to be supported in the LTS period.

The "apt full-upgrade" command will *not* automatically install the
updated kernel packages.  You should explicitly install one of the
following metapackages first, as appropriate for your system:
 
    linux-image-5.10-686
    linux-image-5.10-686-pae
    linux-image-5.10-amd64
    linux-image-5.10-arm64
    linux-image-5.10-armmp
    linux-image-5.10-armmp-lpae
    linux-image-5.10-cloud-amd64
    linux-image-5.10-cloud-arm64
    linux-image-5.10-rt-686-pae
    linux-image-5.10-rt-amd64
    linux-image-5.10-rt-arm64
    linux-image-5.10-rt-armmp

For example, if the command "uname -r" currently shows
"5.10.0-0.deb10.16-amd64", you should install linux-image-5.10-amd64.

This backport does not include the following binary packages:

    bpftool hyperv-daemons libcpupower-dev libcpupower1
    linux-compiler-gcc-8-arm linux-compiler-gcc-8-x86 linux-cpupower
    linux-libc-dev usbip

Older versions of most of those are built from the linux source
package in Debian 10.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-2585

    A use-after-free flaw in the implementation of POSIX CPU timers
    may result in denial of service or in local privilege escalation.

CVE-2022-2586

    A use-after-free in the Netfilter subsystem may result in local
    privilege escalation for a user with the CAP_NET_ADMIN capability
    in any user or network namespace.

CVE-2022-2588

    Zhenpeng Lin discovered a use-after-free flaw in the cls_route
    filter implementation which may result in local privilege
    escalation for a user with the CAP_NET_ADMIN capability in any
    user or network namespace.

CVE-2022-26373

    It was discovered that on certain processors with Intel's Enhanced
    Indirect Branch Restricted Speculation (eIBRS) capabilities there
    are exceptions to the documented properties in some situations,
    which may result in information disclosure.

    Intel's explanation of the issue can be found at
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html

CVE-2022-29900

    Johannes Wikner and Kaveh Razavi reported that for AMD/Hygon
    processors, mis-trained branch predictions for return instructions
    may allow arbitrary speculative code execution under certain
    microarchitecture-dependent conditions.

    A list of affected AMD CPU types can be found at
    https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

CVE-2022-29901

    Johannes Wikner and Kaveh Razavi reported that for Intel
    processors (Intel Core generation 6, 7 and 8), protections against
    speculative branch target injection attacks were insufficient in
    some circumstances, which may allow arbitrary speculative code
    execution under certain microarchitecture-dependent conditions.

    More information can be found at
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html

CVE-2022-36879

    A flaw was discovered in xfrm_expand_policies in the xfrm
    subsystem which can cause a reference count to be dropped twice.

CVE-2022-36946

    Domingo Dirutigliano and Nicola Guerrera reported a memory
    corruption flaw in the Netfilter subsystem which may result in
    denial of service.

For Debian 10 buster, these problems have been fixed in version
5.10.136-1~deb10u3. This update additionally includes many more bug
fixes from stable updates 5.10.128-5.10.136 inclusive.

We recommend that you upgrade your linux-5.10 packages.

For the detailed security status of linux-5.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-5.10

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 3101-1] libxslt security update
Next by Date: [SECURITY] [DLA 3103-1] zlib security update
Previous by thread: [SECURITY] [DLA 3101-1] libxslt security update
Next by thread: [SECURITY] [DLA 3103-1] zlib security update
Index(es):
- Date
- Thread