
Debian Jessie Upgrade: DLA-1423-1 Critical Linux 4.9 Kernel Security Fixes

debian lts
July 18, 2018
Debian 8 now offers Linux 4.9, enhancing system security by addressing numerous kernel flaws and errors. Updating is advised.
Linux 4.9 has been packaged for Debian 8 as linux-4.9.

Summary

This backport does not include the following binary packages:

hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev
linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip

Older versions of most of those are built from other source packages
in Debian 8.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5753

Further instances of code that was vulnerable to Spectre variant 1
(bounds-check bypass) have been mitigated.

CVE-2017-18255

It was discovered that the performance events subsystem did not
properly validate the value of the
kernel.perf_cpu_time_max_percent sysctl. Setting a large value
could have an unspecified security impact. However, only a
privileged user can set this sysctl.

CVE-2018-1118

The syzbot software found that the vhost driver did not initialise
message buffers which would later be read by user processes. A



Severity: critical

Package: linux-4.9
Version: 4.9.110-1~deb8u1
CVE ID: CVE-2017-5753 CVE-2017-18255 CVE-2018-1118 CVE-2018-1120
Debian Bug: 860900 872907 892057 896775 897590 898137
