Debian LTS: DLA-1919-1 Critical: Linux-4.9 Denial of Service and Escalation

debian lts
September 13, 2019
Debian LTS users should update to the latest Linux kernel to fix privilege escalation, denial of service (DoS) vulnerabilities, and information leaks. It is highly recommended to upgrade.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

It was discovered that the wifi soft-MAC implementation (mac80211)
did not properly authenticate Tunneled Direct Link Setup (TDLS)
messages. A nearby attacker could use this for denial of service
(loss of wifi connectivity).

CVE-2019-9506

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen
discovered a weakness in the Bluetooth pairing protocols, dubbed
the "KNOB attack". An attacker that is nearby during pairing
could use this to weaken the encryption used between the paired
devices, and then to eavesdrop on and/or spoof communication
between them.

This update mitigates the attack by requiring a minimum encryption
key length of 56 bits.

CVE-2019-11487

Jann Horn discovered that the FUSE (Filesystem-in-Userspace)
facility could be used to cause integer overflow in page reference
counts, leading to a use-after-free. On a system with sufficient
physical memory, a local user permitted to create arbitrary FUSE

Severity: critical

Package: linux-4.9
Version: 4.9.189-3~deb8u1
CVE ID: CVE-2019-0136 CVE-2019-9506 CVE-2019-11487 CVE-2019-15211
Debian Bug: 930904
