Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Debian: DLA-1885-1 Moderate: Linux 4.9 Security Update Details

debian lts
Calendar Grey August 14, 2019
Dist Debian Esm H88
Package : linux-4.9 Version : 4.9.168-1+deb9u5~deb8u1 CVE ID : CVE-2017-18509 CVE-2018-5995 CVE-2018
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

Denis Andzakovic reported a missing type check in the IPv4 multicast
routing implementation. A user with the CAP_NET_ADMIN capability (in
any user namespace) could use this for denial-of-service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2018-5995

ADLab of VenusTech discovered that the kernel logged the virtual
addresses assigned to per-CPU data, which could make it easier to
exploit other vulnerabilities.

CVE-2018-20836

chenxiang reported a race condition in libsas, the kernel
subsystem supporting Serial Attached SCSI (SAS) devices, which
could lead to a use-after-free. It is not clear how this might be
exploited.

CVE-2018-20856

Xiao Jin reported a potential double-free in the block subsystem,
in case an error occurs while initialising the I/O scheduler for a
block device. It is not clear how this might be exploited.

CVE-2019-1125

It was discovered that most x86 processors could speculatively

Read the Full Advisory


<pre><font face="Courier">Package: linux-4.9
Version: 4.9.168-1+deb9u5~deb8u1
CVE ID: CVE-2017-18509 CVE-2018-5995 CVE-2018-20836 CVE-2018-20856

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.