Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian: DLA-1731-2 Critical: Fix For VMXNet3 and CIFS Regression

debian lts
Calendar Grey April 1, 2019
Dist Debian Esm H88
Package : linux Version : 3.16.64-2 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-36
The linux update issued as DLA-1731-1 caused a regression in the vmxnet3 (VMware virtual network adapter) driver

Summary

CVE-2016-10741

A race condition was discovered in XFS that would result in a
crash (BUG). A local user permitted to write to an XFS volume
could use this for denial of service.

CVE-2017-5753

Further instances of code that was vulnerable to Spectre variant 1
(bounds-check bypass) have been mitigated.

CVE-2017-13305

A memory over-read was discovered in the keys subsystem's
encrypted key type. A local user could use this for denial of
service or possibly to read sensitive information.

CVE-2018-3639 (SSB)

Multiple researchers have discovered that Speculative Store Bypass
(SSB), a feature implemented in many processors, could be used to
read sensitive information from another context. In particular,
code in a software sandbox may be able to read sensitive
information from outside the sandbox. This issue is also known as
Spectre variant 4.

This update fixes bugs in the mitigations for SSB for AMD
processors.

CVE-2018-5848

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: linux
Version: 3.16.64-2
CVE ID: CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639
Debian Bug: 925919

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.