Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Debian LTS DLA-1799-1 Critical: Linux Kernel Security Update

debian lts
Calendar Grey May 28, 2019
Dist Debian Esm H88
Debian's latest Linux kernel patches tackle a range of vulnerabilities, notably those involving potential privilege escalation and denial of service risks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

ADLab of VenusTech discovered that the kernel logged the virtual
addresses assigned to per-CPU data, which could make it easier to
exploit other vulnerabilities.

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Multiple researchers have discovered vulnerabilities in the way
that Intel processor designs implement speculative forwarding of
data filled into temporary microarchitectural structures
(buffers). This flaw could allow an attacker controlling an
unprivileged process to read sensitive information, including from
the kernel and all other processes running on the system, or
across guest/host boundaries to read host memory.

See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
for more details.

To fully resolve these vulnerabilities it is also necessary to
install updated CPU microcode. An updated intel-microcode package
(only available in Debian non-free) was provided via DLA-1789-1.

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: linux
Version: 3.16.68-1
CVE ID: CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
Debian Bug: 927781

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.