Debian LTS: DLA-1799-2: linux security update

    Date: 28 May 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    Package        : linux
    Version        : 3.16.68-1
    CVE ID         : CVE-2018-5995 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
                     CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882
                     CVE-2019-3901 CVE-2019-6133 CVE-2019-9503 CVE-2019-11091
                     CVE-2019-11190 CVE-2019-11486 CVE-2019-11599
    Debian Bug     : 927781
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    This updated advisory text adds a note about the need to install new
    binary packages.
    
    CVE-2018-5995
    
        ADLab of VenusTech discovered that the kernel logged the virtual
        addresses assigned to per-CPU data, which could make it easier to
        exploit other vulnerabilities.
    
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
    
        Multiple researchers have discovered vulnerabilities in the way
        that Intel processor designs implement speculative forwarding of
        data filled into temporary microarchitectural structures
        (buffers).  This flaw could allow an attacker controlling an
        unprivileged process to read sensitive information, including from
        the kernel and all other processes running on the system, or
        across guest/host boundaries to read host memory.
    
        See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
        for more details.
    
        To fully resolve these vulnerabilities it is also necessary to
        install updated CPU microcode.  An updated intel-microcode package
        (only available in Debian non-free) was provided via DLA-1789-1.
        The updated CPU microcode may also be available as part of a
        system firmware ("BIOS") update.
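
One way to confirm both halves of this fix (kernel and microcode) on a running system, added here as an example and not part of the advisory: the script classifies the status string in /sys/devices/system/cpu/vulnerabilities/mds, using the values documented on the kernel.org page linked above. The function names are this example's own, and it assumes the running kernel exposes that sysfs file.

```shell
#!/bin/sh
# Added example (not from the advisory): interpret the kernel's MDS status line.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# mds_verdict STATUS -> not-affected | mitigated | needs-microcode | vulnerable | unknown
mds_verdict() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation: Clear CPU buffers"*) echo mitigated ;;
        # Kernel is patched, but the CPU microcode is still the old one.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo needs-microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# smt_state STATUS -> the text after "; " (e.g. "SMT vulnerable"), or "none"
smt_state() {
    case "$1" in
        *"; "*) echo "${1#*; }" ;;
        *) echo none ;;
    esac
}

# mds_report [FILE] -> prints a summary line.
# Returns 0 = nothing to do, 1 = action needed, 2 = status file missing.
mds_report() {
    file=${1:-$MDS_SYSFS}
    if [ ! -r "$file" ]; then
        echo "mds: no status at $file (is the updated kernel the one running?)"
        return 2
    fi
    status=$(cat "$file")
    verdict=$(mds_verdict "$status")
    smt=$(smt_state "$status")
    echo "mds: $verdict (smt: $smt)"
    case "$verdict" in
        not-affected) return 0 ;;
        mitigated)
            # Buffer clearing is active, but sibling threads can still leak.
            if [ "$smt" = "SMT vulnerable" ]; then return 1; fi
            return 0 ;;
        *) return 1 ;;
    esac
}
# Usage: mds_report || echo "kernel, microcode or SMT setting still needs attention"
```

A "needs-microcode" result after rebooting into the new kernel means the kernel half is in place and only the microcode update is still missing.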
    
    CVE-2019-2024
    
        A use-after-free bug was discovered in the em28xx video capture
        driver.  Local users might be able to use this for denial of
        service (memory corruption or crash) or possibly for privilege
        escalation.
    
    CVE-2019-3459, CVE-2019-3460
    
        Shlomi Oberman, Yuli Shapiro, and Karamba Security Ltd. research
        team discovered missing range checks in the Bluetooth L2CAP
        implementation.  If Bluetooth is enabled, a nearby attacker
        could use these to read sensitive information from the kernel.
    
    CVE-2019-3882
    
        It was found that the vfio implementation did not limit the number
        of DMA mappings to device memory.  A local user granted ownership
        of a vfio device could use this to cause a denial of service
        (out-of-memory condition).
    
    CVE-2019-3901
    
        Jann Horn of Google reported a race condition that would allow a
        local user to read performance events from a task after it
        executes a setuid program.  This could leak sensitive information
        processed by setuid programs.  Debian's kernel configuration does
        not allow unprivileged users to access performance events by
        default, which fully mitigates this issue.
    
    CVE-2019-6133
    
        Jann Horn of Google found that PolicyKit's authentication check
        could be bypassed by a local user creating a process with the same
        start time and process ID as an older authenticated process.
        PolicyKit was already updated to fix this in DLA-1644-1.  The
        kernel has additionally been updated to avoid a delay between
        assigning start time and process ID, which should make the attack
        impractical.
    
    CVE-2019-9503
    
        Hugues Anguelkov and others at Quarkslab discovered that the
        brcmfmac (Broadcom wifi FullMAC) driver did not correctly
        distinguish messages sent by the wifi firmware from other packets.
        An attacker using the same wifi network could use this for denial
        of service or to exploit other vulnerabilities in the driver.
    
    CVE-2019-11190
    
        Robert Święcki reported that when a setuid program was executed it
        was still possible to read performance events while the kernel set
        up the program's address space.  A local user could use this to
        defeat ASLR in a setuid program, making it easier to exploit other
        vulnerabilities in the program.  Debian's kernel configuration
        does not allow unprivileged users to access performance events by
        default, which fully mitigates this issue.
    
    CVE-2019-11486
    
        Jann Horn of Google reported numerous race conditions in the
        Siemens R3964 line discipline.  A local user could use these to
        cause unspecified security impact.  This module has therefore been
        disabled.
    
    CVE-2019-11599
    
        Jann Horn of Google reported a race condition in the core dump
        implementation which could lead to a use-after-free.  A local
        user could use this to read sensitive information, to cause a
        denial of service (memory corruption), or for privilege
        escalation.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    3.16.68-1.  This version also includes a fix for Debian bug #927781,
    and other fixes included in upstream stable updates.
    
    We recommend that you upgrade your linux and linux-latest
    packages.  You will need to use "apt-get upgrade --with-new-pkgs"
    or "apt upgrade" as the binary package names have changed.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    -- 
    Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
    