Debian: DSA-4308-1: linux security update

    Date01 Oct 2018
    CategoryDebian
    3540
    Posted ByAnthony Pell
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4308-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                     Salvatore Bonaccorso
    October 01, 2018                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363
                     CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099
                     CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678
                     CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
                     CVE-2018-16658 CVE-2018-17182
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2018-6554
    
        A memory leak in the irda_bind function in the irda subsystem was
        discovered. A local user can take advantage of this flaw to cause a
        denial of service (memory consumption).
    
    CVE-2018-6555
    
        A flaw was discovered in the irda_setsockopt function in the irda
        subsystem, allowing a local user to cause a denial of service
        (use-after-free and system crash).
    
    CVE-2018-7755
    
        Brian Belleville discovered a flaw in the fd_locked_ioctl function
        in the floppy driver in the Linux kernel. The floppy driver copies a
        kernel pointer to user memory in response to the FDGETPRM ioctl. A
        local user with access to a floppy drive device can take advantage
        of this flaw to discover the location kernel code and data.
    
    CVE-2018-9363
    
        It was discovered that the Bluetooth HIDP implementation did not
        correctly check the length of received report messages. A paired
        HIDP device could use this to cause a buffer overflow, leading to
        denial of service (memory corruption or crash) or potentially
        remote code execution.
    
    CVE-2018-9516
    
        It was discovered that the HID events interface in debugfs did not
        correctly limit the length of copies to user buffers.  A local
        user with access to these files could use this to cause a
        denial of service (memory corruption or crash) or possibly for
        privilege escalation.  However, by default debugfs is only
        accessible by the root user.
    
    CVE-2018-10902
    
        It was discovered that the rawmidi kernel driver does not protect
        against concurrent access which leads to a double-realloc (double
        free) flaw. A local attacker can take advantage of this issue for
        privilege escalation.
    
    CVE-2018-10938
    
        Yves Younan from Cisco reported that the Cipso IPv4 module did not
        correctly check the length of IPv4 options. On custom kernels with
        CONFIG_NETLABEL enabled, a remote attacker could use this to cause
        a denial of service (hang).
    
    CVE-2018-13099
    
        Wen Xu from SSLab at Gatech reported a use-after-free bug in the
        F2FS implementation. An attacker able to mount a crafted F2FS
        volume could use this to cause a denial of service (crash or
        memory corruption) or possibly for privilege escalation.
    
    CVE-2018-14609
    
        Wen Xu from SSLab at Gatech reported a potential null pointer
        dereference in the F2FS implementation. An attacker able to mount
        a crafted F2FS volume could use this to cause a denial of service
        (crash).
    
    CVE-2018-14617
    
        Wen Xu from SSLab at Gatech reported a potential null pointer
        dereference in the HFS+ implementation. An attacker able to mount
        a crafted HFS+ volume could use this to cause a denial of service
        (crash).
    
    CVE-2018-14633
    
        Vincent Pelletier discovered a stack-based buffer overflow flaw in
        the chap_server_compute_md5() function in the iSCSI target code. An
        unauthenticated remote attacker can take advantage of this flaw to
        cause a denial of service or possibly to get a non-authorized access
        to data exported by an iSCSI target.
    
    CVE-2018-14678
    
        M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the
        kernel exit code used on amd64 systems running as Xen PV guests.
        A local user could use this to cause a denial of service (crash).
    
    CVE-2018-14734
    
        A use-after-free bug was discovered in the InfiniBand
        communication manager. A local user could use this to cause a
        denial of service (crash or memory corruption) or possible for
        privilege escalation.
    
    CVE-2018-15572
    
        Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and
        Nael Abu-Ghazaleh, from University of California, Riverside,
        reported a variant of Spectre variant 2, dubbed SpectreRSB. A
        local user may be able to use this to read sensitive information
        from processes owned by other users.
    
    CVE-2018-15594
    
        Nadav Amit reported that some indirect function calls used in
        paravirtualised guests were vulnerable to Spectre variant 2.  A
        local user may be able to use this to read sensitive information
        from the kernel.
    
    CVE-2018-16276
    
        Jann Horn discovered that the yurex driver did not correctly limit
        the length of copies to user buffers.  A local user with access to
        a yurex device node could use this to cause a denial of service
        (memory corruption or crash) or possibly for privilege escalation.
    
    CVE-2018-16658
    
        It was discovered that the cdrom driver does not correctly
        validate the parameter to the CDROM_DRIVE_STATUS ioctl.  A user
        with access to a cdrom device could use this to read sensitive
        information from the kernel or to cause a denial of service
        (crash).
    
    CVE-2018-17182
    
        Jann Horn discovered that the vmacache_flush_all function mishandles
        sequence number overflows. A local user can take advantage of this
        flaw to trigger a use-after-free, causing a denial of service
        (crash or memory corruption) or privilege escalation.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 4.9.110-3+deb9u5.
    
    We recommend that you upgrade your linux packages.
    
    For the detailed security status of linux please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/linux
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.