
Debian 8: DLA-1715-1 Critical: linux-4.9 Denial of Service Issues

debian lts
March 15, 2019
Package : linux-4.9
Version : 4.9.144-3.1~deb8u1
CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2017-18249

A race condition was discovered in the disk space allocator of
F2FS. A user with access to an F2FS volume could use this to cause
a denial of service or other security impact.

CVE-2018-1128, CVE-2018-1129

The cephx authentication protocol used by Ceph was susceptible to
replay attacks, and calculated signatures incorrectly. These
vulnerabilities in the server required changes to authentication
that are incompatible with existing clients. The kernel's client
code has now been updated to be compatible with the fixed server.

CVE-2018-3639 (SSB)

Multiple researchers have discovered that Speculative Store Bypass
(SSB), a feature implemented in many processors, could be used to
read sensitive information from another context. In particular,
code in a software sandbox may be able to read sensitive
information from outside the sandbox. This issue is also known as
Spectre variant 4.

This update adds a further mitigation for this issue in the eBPF



Severity
critical

Package: linux-4.9
Version: 4.9.144-3.1~deb8u1
CVE ID: CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639
Debian Bug: 890034 896911 907581 915229 915231
