Linux Security
    Linux Security
    Linux Security

    Debian: DSA-4308-1: linux security update

    Date
    3944
    Posted By
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4308-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                     Salvatore Bonaccorso
    October 01, 2018                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363
                     CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099
                     CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678
                     CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
                     CVE-2018-16658 CVE-2018-17182
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2018-6554
    
        A memory leak in the irda_bind function in the irda subsystem was
        discovered. A local user can take advantage of this flaw to cause a
        denial of service (memory consumption).
    
    CVE-2018-6555
    
        A flaw was discovered in the irda_setsockopt function in the irda
        subsystem, allowing a local user to cause a denial of service
        (use-after-free and system crash).
    
    CVE-2018-7755
    
        Brian Belleville discovered a flaw in the fd_locked_ioctl function
        in the floppy driver in the Linux kernel. The floppy driver copies a
        kernel pointer to user memory in response to the FDGETPRM ioctl. A
        local user with access to a floppy drive device can take advantage
        of this flaw to discover the location kernel code and data.
    
    CVE-2018-9363
    
        It was discovered that the Bluetooth HIDP implementation did not
        correctly check the length of received report messages. A paired
        HIDP device could use this to cause a buffer overflow, leading to
        denial of service (memory corruption or crash) or potentially
        remote code execution.
    
    CVE-2018-9516
    
        It was discovered that the HID events interface in debugfs did not
        correctly limit the length of copies to user buffers.  A local
        user with access to these files could use this to cause a
        denial of service (memory corruption or crash) or possibly for
        privilege escalation.  However, by default debugfs is only
        accessible by the root user.
    
    CVE-2018-10902
    
        It was discovered that the rawmidi kernel driver does not protect
        against concurrent access which leads to a double-realloc (double
        free) flaw. A local attacker can take advantage of this issue for
        privilege escalation.
    
    CVE-2018-10938
    
        Yves Younan from Cisco reported that the Cipso IPv4 module did not
        correctly check the length of IPv4 options. On custom kernels with
        CONFIG_NETLABEL enabled, a remote attacker could use this to cause
        a denial of service (hang).
    
    CVE-2018-13099
    
        Wen Xu from SSLab at Gatech reported a use-after-free bug in the
        F2FS implementation. An attacker able to mount a crafted F2FS
        volume could use this to cause a denial of service (crash or
        memory corruption) or possibly for privilege escalation.
    
    CVE-2018-14609
    
        Wen Xu from SSLab at Gatech reported a potential null pointer
        dereference in the F2FS implementation. An attacker able to mount
        a crafted F2FS volume could use this to cause a denial of service
        (crash).
    
    CVE-2018-14617
    
        Wen Xu from SSLab at Gatech reported a potential null pointer
        dereference in the HFS+ implementation. An attacker able to mount
        a crafted HFS+ volume could use this to cause a denial of service
        (crash).
    
    CVE-2018-14633
    
        Vincent Pelletier discovered a stack-based buffer overflow flaw in
        the chap_server_compute_md5() function in the iSCSI target code. An
        unauthenticated remote attacker can take advantage of this flaw to
        cause a denial of service or possibly to get a non-authorized access
        to data exported by an iSCSI target.
    
    CVE-2018-14678
    
        M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the
        kernel exit code used on amd64 systems running as Xen PV guests.
        A local user could use this to cause a denial of service (crash).
    
    CVE-2018-14734
    
        A use-after-free bug was discovered in the InfiniBand
        communication manager. A local user could use this to cause a
        denial of service (crash or memory corruption) or possible for
        privilege escalation.
    
    CVE-2018-15572
    
        Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and
        Nael Abu-Ghazaleh, from University of California, Riverside,
        reported a variant of Spectre variant 2, dubbed SpectreRSB. A
        local user may be able to use this to read sensitive information
        from processes owned by other users.
    
    CVE-2018-15594
    
        Nadav Amit reported that some indirect function calls used in
        paravirtualised guests were vulnerable to Spectre variant 2.  A
        local user may be able to use this to read sensitive information
        from the kernel.
    
    CVE-2018-16276
    
        Jann Horn discovered that the yurex driver did not correctly limit
        the length of copies to user buffers.  A local user with access to
        a yurex device node could use this to cause a denial of service
        (memory corruption or crash) or possibly for privilege escalation.
    
    CVE-2018-16658
    
        It was discovered that the cdrom driver does not correctly
        validate the parameter to the CDROM_DRIVE_STATUS ioctl.  A user
        with access to a cdrom device could use this to read sensitive
        information from the kernel or to cause a denial of service
        (crash).
    
    CVE-2018-17182
    
        Jann Horn discovered that the vmacache_flush_all function mishandles
        sequence number overflows. A local user can take advantage of this
        flaw to trigger a use-after-free, causing a denial of service
        (crash or memory corruption) or privilege escalation.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 4.9.110-3+deb9u5.
    
    We recommend that you upgrade your linux packages.
    
    For the detailed security status of linux please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/linux
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"11","type":"x","order":"1","pct":100,"resources":[]},{"id":"159","title":"False","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.