
Debian 3.16 Update: DLA-2068-1 Critical: Multiple Access Issues

Debian LTS
January 17, 2020
Debian 3.16.81-1 rectifies several Linux kernel flaws, affecting user rights and server processes.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

Summary

CVE-2019-2215

The syzkaller tool discovered a use-after-free vulnerability in
the Android binder driver. A local user on a system with this
driver enabled could use this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.
However, this driver is not enabled on Debian packaged kernels.

CVE-2019-10220

Various developers and researchers found that if a crafted
filesystem or malicious file server presented a directory with
filenames including a '/' character, this could confuse and
possibly defeat security checks in applications that read the
directory.

The kernel will now return an error when reading such a directory,
rather than passing the invalid filenames on to user-space.
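On kernels without this fix, an application can apply the same check itself before joining a directory entry to a base path. The following is an added example, not code from the advisory or the kernel patch; the function names and the `/srv/upload` path are hypothetical, and rejecting empty names and embedded NULs goes beyond what the advisory describes.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if a name taken from readdir()/getdents() is a single path
 * component. "." and ".." pass this check; a directory walker skips those
 * separately. */
static int dirent_name_ok(const char *name, size_t len)
{
    if (len == 0)
        return 0;                   /* empty name */
    if (memchr(name, '/', len))
        return 0;                   /* would span more than one component */
    if (memchr(name, '\0', len))
        return 0;                   /* embedded NUL truncates later string ops */
    return 1;
}

/* Builds "<dir>/<name>" into out. Returns 0 on success, -1 if the name is
 * rejected or the result does not fit in out. */
static int join_entry(const char *dir, const char *name, size_t len,
                      char *out, size_t outsz)
{
    int n;
    if (!dirent_name_ok(name, len))
        return -1;
    n = snprintf(out, outsz, "%s/%.*s", dir, (int)len, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed names, as a crafted filesystem or file server could
     * present them on an unpatched kernel. */
    const char *samples[] = { "report.txt", "../../etc/passwd", "a/b", "" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (join_entry("/srv/upload", samples[i], strlen(samples[i]),
                       path, sizeof path) == 0)
            printf("ok      %s\n", path);
        else
            printf("reject  \"%s\"\n", samples[i]);
    }
    return 0;
}
```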

CVE-2019-14895, CVE-2019-14901

ADLab of Venustech discovered potential heap buffer overflows in
the mwifiex wifi driver. On systems using this driver, a
malicious Wireless Access Point or adhoc/P2P peer could use these



Severity: Critical

Package: linux
Version: 3.16.81-1
CVE ID: CVE-2019-2215 CVE-2019-10220 CVE-2019-14895 CVE-2019-14896
