Re: [SECURITY] [DLA 2483-1] linux-4.19 security update
Removed:
linux-headers-4.19-686-pae 4.19+105+deb10u7~deb9u1
linux-headers-4.19-amd64 4.19+105+deb10u7~deb9u1
linux-headers-4.19-cloud-amd64 4.19+105+deb10u7~deb9u1
linux-image-4.19-686-pae 4.19+105+deb10u7~deb9u1
linux-image-4.19-amd64 4.19+105+deb10u7~deb9u1
linux-image-4.19-cloud-amd64 4.19+105+deb10u7~deb9u1
linux-config-4.19 4.19.152-1~deb9u1
linux-doc-4.19 4.19.152-1~deb9u1
linux-headers-4.19.0-0.bpo.12-686-pae 4.19.152-1~deb9u1
linux-headers-4.19.0-0.bpo.12-amd64 4.19.152-1~deb9u1
linux-headers-4.19.0-0.bpo.12-common 4.19.152-1~deb9u1
linux-image-4.19.0-0.bpo.12-686-pae 4.19.152-1~deb9u1
linux-image-4.19.0-0.bpo.12-amd64 4.19.152-1~deb9u1
linux-kbuild-4.19 4.19.152-1~deb9u1
linux-support-4.19.0-0.bpo.12 4.19.152-1~deb9u1
Upgraded to new release: 4.19.0-0.bpo.13
So new extra modules compiled.
On Thu, Dec 10, 2020 at 12:11:34PM +0100, Ben Hutchings wrote:
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-2483-1 debian-lts@lists.debian.org
> https://www.debian.org/lts/security/ Ben Hutchings
> December 05, 2020 https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package : linux-4.19
> Version : 4.19.160-2~deb9u1
> CVE ID : CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816
> CVE-2020-0423 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656
> CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705
> CVE-2020-27673 CVE-2020-27675 CVE-2020-28941 CVE-2020-28974
> Debian Bug : 949863 968623 971058
>
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to the execution of arbitrary code, privilege escalation,
> denial of service or information leaks.
>
> CVE-2019-19039
>
> "Team bobfuzzer" reported a bug in Btrfs that could lead to an
> assertion failure (WARN). A user permitted to mount and access
> arbitrary filesystems could use this to cause a denial of service
> (crash) if the panic_on_warn kernel parameter is set.
>
> CVE-2019-19377
>
> "Team bobfuzzer" reported a bug in Btrfs that could lead to a
> use-after-free. A user permitted to mount and access arbitrary
> filesystems could use this to cause a denial of service (crash or
> memory corruption) or possibly for privilege escalation.
>
> CVE-2019-19770
>
> The syzbot tool discovered a race condition in the block I/O
> tracer (blktrace) that could lead to a system crash. Since
> blktrace can only be controlled by privileged users, the security
> impact of this is unclear.
>
> CVE-2019-19816
>
> "Team bobfuzzer" reported a bug in Btrfs that could lead to an
> out-of-bounds write. A user permitted to mount and access
> arbitrary filesystems could use this to cause a denial of service
> (crash or memory corruption) or possibly for privilege escalation.
>
> CVE-2020-0423
>
> A race condition was discovered in the Android binder driver, that
> could result in a use-after-free. On systems using this driver, a
> local user could use this to cause a denial of service (crash or
> memory corruption) or possibly for privilege escalation.
>
> CVE-2020-8694
>
> Multiple researchers discovered that the powercap subsystem
> allowed all users to read CPU energy meters, by default. On
> systems using Intel CPUs, this provided a side channel that could
> leak sensitive information between user processes, or from the
> kernel to user processes. The energy meters are now readable only
> by root, by default.
>
> This issue can be mitigated by running:
>
> chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj
>
> This needs to be repeated each time the system is booted with
> an unfixed kernel version.
>
> CVE-2020-14351
>
> A race condition was discovered in the performance events
> subsystem, which could lead to a use-after-free. A local user
> permitted to access performance events could use this to cause a
> denial of service (crash or memory corruption) or possibly for
> privilege escalation.
>
> Debian's kernel configuration does not allow unprivileged users to
> access performance events by default, which fully mitigates this
> issue.
>
> CVE-2020-25656
>
> Yuan Ming and Bodong Zhao discovered a race condition in the
> virtual terminal (vt) driver that could lead to a use-after-free.
> A local user with the CAP_SYS_TTY_CONFIG capability could use this
> to cause a denial of service (crash or memory corruption) or
> possibly for privilege escalation.
>
> CVE-2020-25668
>
> Yuan Ming and Bodong Zhao discovered a race condition in the
> virtual terminal (vt) driver that could lead to a use-after-free.
> A local user with access to a virtual terminal, or with the
> CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of
> service (crash or memory corruption) or possibly for privilege
> escalation.
>
> CVE-2020-25669
>
> Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)
> that could lead to a use-after-free. On a system using this
> driver, a local user could use this to cause a denial of service
> (crash or memory corruption) or possibly for privilege escalation.
>
> CVE-2020-25704
>
> kiyin(尹亮) discovered a potential memory leak in the performance
> events subsystem. A local user permitted to access performance
> events could use this to cause a denial of service (memory
> exhaustion).
>
> Debian's kernel configuration does not allow unprivileged users to
> access performance events by default, which fully mitigates this
> issue.
>
> CVE-2020-25705
>
> Keyu Man reported that strict rate-limiting of ICMP packet
> transmission provided a side-channel that could help networked
> attackers to carry out packet spoofing. In particular, this made
> it practical for off-path networked attackers to "poison" DNS
> caches with spoofed responses ("SAD DNS" attack).
>
> This issue has been mitigated by randomising whether packets are
> counted against the rate limit.
>
> CVE-2020-27673 / XSA-332
>
> Julien Grall from Arm discovered a bug in the Xen event handling
> code. Where Linux was used in a Xen dom0, unprivileged (domU)
> guests could cause a denial of service (excessive CPU usage or
> hang) in dom0.
>
> CVE-2020-27675 / XSA-331
>
> Jinoh Kang of Theori discovered a race condition in the Xen event
> handling code. Where Linux was used in a Xen dom0, unprivileged
> (domU) guests could cause a denial of service (crash) in dom0.
>
> CVE-2020-28941
>
> Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen
> reader subsystem. Speakup assumed that it would only be bound to
> one terminal (tty) device at a time, but did not enforce this. A
> local user could exploit this bug to cause a denial of service
> (crash or memory exhaustion).
>
> CVE-2020-28974
>
> Yuan Ming discovered a bug in the virtual terminal (vt) driver
> that could lead to an out-of-bounds read. A local user with
> access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG
> capability, could possibly use this to obtain sensitive
> information from the kernel or to cause a denial of service
> (crash).
>
> The specific ioctl operation affected by this bug
> (KD_FONT_OP_COPY) has been disabled, as it is not believed that
> any programs depended on it.
>
> For Debian 9 stretch, these problems have been fixed in version
> 4.19.160-2~deb9u1.
>
> We recommend that you upgrade your linux-4.19 packages.
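An added example, not part of the advisory above or of this reply: a small POSIX shell audit for the two interim mitigations the advisory describes on an unfixed kernel, namely the CVE-2020-8694 workaround (powercap energy_uj meters readable only by root) and the Debian default that keeps unprivileged users away from performance events (CVE-2020-14351, CVE-2020-25704). The check for the latter assumes Debian's kernel.perf_event_paranoid default of 3, which disallows perf_event_open for unprivileged users. The optional root-directory argument, the make_fake_tree helper and the intel-rapl paths inside it are constructed so the script runs offline; call the check functions with no argument to audit a live system.

```shell
#!/bin/sh
# Added example (not from the advisory): audit and apply the interim
# mitigations for CVE-2020-8694 and the perf-events issues on a running host.
# Every function takes an optional root directory so it can be exercised
# against a constructed fake sysfs/proc tree.

# Return 0 if every powercap energy_uj file denies group/other read,
# 1 if any meter is still readable by non-root, 2 if no meter exists.
powercap_meters_restricted() {
    root="${1:-/}"
    found=0
    for f in "$root"/sys/devices/virtual/powercap/*/*/energy_uj; do
        [ -e "$f" ] || continue
        found=1
        mode=$(stat -c %a "$f")            # e.g. 644
        # 044 octal = group read + other read; any of those bits is a leak
        if [ $(( 0$mode & 044 )) -ne 0 ]; then
            return 1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return 0
}

# Apply the advisory's mitigation (chmod go-r) to every meter found.
# Must be repeated after each boot of an unfixed kernel.
restrict_powercap_meters() {
    root="${1:-/}"
    for f in "$root"/sys/devices/virtual/powercap/*/*/energy_uj; do
        [ -e "$f" ] && chmod go-r "$f"
    done
    return 0
}

# Return 0 if kernel.perf_event_paranoid is at least 3 (assumed Debian
# default: unprivileged perf_event_open refused entirely), 1 otherwise.
perf_events_unprivileged_blocked() {
    root="${1:-/}"
    f="$root/proc/sys/kernel/perf_event_paranoid"
    [ -r "$f" ] || return 1
    level=$(cat "$f")
    [ "$level" -ge 3 ] && return 0
    return 1
}

# Constructed test fixture: $1 = directory, $2 = mode for energy_uj,
# $3 = perf_event_paranoid value. Paths mimic a real intel-rapl layout.
make_fake_tree() {
    d="$1"
    rapl="$d/sys/devices/virtual/powercap/intel-rapl/intel-rapl:0"
    mkdir -p "$rapl" "$d/proc/sys/kernel"
    printf '123456789\n' > "$rapl/energy_uj"
    chmod "$2" "$rapl/energy_uj"
    printf '%s\n' "$3" > "$d/proc/sys/kernel/perf_event_paranoid"
}

# Demonstration on a constructed tree; omit the argument on a real host.
tmp=$(mktemp -d)
make_fake_tree "$tmp" 644 3
if powercap_meters_restricted "$tmp"; then
    echo "energy meters already restricted"
else
    echo "energy meters readable by non-root: applying chmod go-r"
    restrict_powercap_meters "$tmp"
fi
if perf_events_unprivileged_blocked "$tmp"; then
    echo "unprivileged perf events blocked"
else
    echo "perf_event_paranoid below 3: unprivileged perf access possible"
fi
rm -rf "$tmp"
```

The audit reports, it does not change anything on its own; restrict_powercap_meters is the only function that writes, and it mirrors the advisory's chmod exactly, so it is safe to run repeatedly from a boot-time unit until the fixed kernel is installed.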