Linux Security

    Debian LTS: DLA-2494-1: linux security update

    Date 18 Dec 2020
    Posted By LinuxSecurity Advisories
    -------------------------------------------------------------------------
    Debian LTS Advisory DLA-2494-1
    https://www.debian.org/lts/security/                        Ben Hutchings
    December 18, 2020                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------
    
    Package        : linux
    Version        : 4.9.246-2
    CVE ID         : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 
                     CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 
                     CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to the execution of arbitrary code, privilege escalation,
    denial of service or information leaks.
    
    CVE-2020-0427
    
        Elena Petrova reported a bug in the pinctrl subsystem that can
        lead to a use-after-free after a device is renamed.  The security
        impact of this is unclear.
    
    CVE-2020-8694
    
        Multiple researchers discovered that the powercap subsystem
        allowed all users to read CPU energy meters, by default.  On
        systems using Intel CPUs, this provided a side channel that could
        leak sensitive information between user processes, or from the
        kernel to user processes.  The energy meters are now readable only
        by root, by default.
    
        This issue can be mitigated by running:
    
            chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj
    
        This needs to be repeated each time the system is booted with
        an unfixed kernel version.
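
        Added example (not part of the Debian advisory): a POSIX shell
        script that audits for, and applies, the mitigation above.  It uses
        find instead of the advisory's glob, so energy_uj files in nested
        powercap zones are covered as well; the POWERCAP_ROOT variable and
        the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit / restrict powercap energy meters (CVE-2020-8694).
# Usage: sh powercap-meters.sh audit|fix   (script name is hypothetical)
# POWERCAP_ROOT can be overridden to exercise the logic on a test tree.
POWERCAP_ROOT="${POWERCAP_ROOT:-/sys/devices/virtual/powercap}"

# Print every energy_uj file under the root that group or other can read.
list_exposed_meters() {
    [ -d "$POWERCAP_ROOT" ] || return 0
    find "$POWERCAP_ROOT" -type f -name energy_uj \
        \( -perm -040 -o -perm -004 \) 2>/dev/null
}

# Number of exposed meters, as a bare integer.
count_exposed_meters() {
    list_exposed_meters | wc -l | tr -d ' '
}

# Apply the advisory's mitigation (chmod go-r) to each exposed file.
# Returns non-zero if any meter is still readable afterwards.
restrict_meters() {
    list_exposed_meters | while IFS= read -r f; do
        chmod go-r "$f" || echo "failed: $f" >&2
    done
    [ "$(count_exposed_meters)" -eq 0 ]
}

powercap_main() {
    case "$1" in
        audit)
            list_exposed_meters
            n=$(count_exposed_meters)
            echo "$n energy_uj file(s) readable by group/other"
            [ "$n" -eq 0 ] ;;
        fix) restrict_meters ;;
        *) echo "usage: $0 audit|fix" >&2; return 2 ;;
    esac
}

# Only act when a mode is given on the command line.
if [ $# -gt 0 ]; then powercap_main "$@"; fi
```

        The "fix" mode does not persist across reboots, so on an unfixed
        kernel it has to be run again at each boot, as noted above.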
    
    CVE-2020-14351
    
        A race condition was discovered in the performance events
        subsystem, which could lead to a use-after-free.  A local user
        permitted to access performance events could use this to cause a
        denial of service (crash or memory corruption) or possibly for
        privilege escalation.
    
        Debian's kernel configuration does not allow unprivileged users to
        access performance events by default, which fully mitigates this
        issue.
    
    CVE-2020-25645
    
        A flaw was discovered in the interface driver for GENEVE
        encapsulated traffic when combined with IPsec. If IPsec is
        configured to encrypt traffic for the specific UDP port used by the
        GENEVE tunnel, tunneled data isn't correctly routed over the
        encrypted link and sent unencrypted instead.
    
    CVE-2020-25656
    
        Yuan Ming and Bodong Zhao discovered a race condition in the
        virtual terminal (vt) driver that could lead to a use-after-free.
        A local user with the CAP_SYS_TTY_CONFIG capability could use this
        to cause a denial of service (crash or memory corruption) or
        possibly for privilege escalation.
    
    CVE-2020-25668
    
        Yuan Ming and Bodong Zhao discovered a race condition in the
        virtual terminal (vt) driver that could lead to a use-after-free.
        A local user with access to a virtual terminal, or with the
        CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of
        service (crash or memory corruption) or possibly for privilege
        escalation.
    
    CVE-2020-25669
    
        Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)
        that could lead to a use-after-free.  On a system using this
        driver, a local user could use this to cause a denial of service
        (crash or memory corruption) or possibly for privilege escalation.
    
    CVE-2020-25704
    
        kiyin(尹亮) discovered a potential memory leak in the performance
        events subsystem.  A local user permitted to access performance
        events could use this to cause a denial of service (memory
        exhaustion).
    
        Debian's kernel configuration does not allow unprivileged users to
        access performance events by default, which fully mitigates this
        issue.
    
    CVE-2020-25705
    
        Keyu Man reported that strict rate-limiting of ICMP packet
        transmission provided a side-channel that could help networked
        attackers to carry out packet spoofing.  In particular, this made
        it practical for off-path networked attackers to "poison" DNS
        caches with spoofed responses ("SAD DNS" attack).
    
        This issue has been mitigated by randomising whether packets are
        counted against the rate limit.
    
    CVE-2020-27673 / XSA-332
    
        Julien Grall from Arm discovered a bug in the Xen event handling
        code.  Where Linux was used in a Xen dom0, unprivileged (domU)
        guests could cause a denial of service (excessive CPU usage or
        hang) in dom0.
    
    CVE-2020-27675 / XSA-331
    
        Jinoh Kang of Theori discovered a race condition in the Xen event
        handling code.  Where Linux was used in a Xen dom0, unprivileged
        (domU) guests could cause a denial of service (crash) in dom0.
    
    CVE-2020-28974
    
        Yuan Ming discovered a bug in the virtual terminal (vt) driver
        that could lead to an out-of-bounds read.  A local user with
        access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG
        capability, could possibly use this to obtain sensitive
        information from the kernel or to cause a denial of service
        (crash).
    
        The specific ioctl operation affected by this bug
        (KD_FONT_OP_COPY) has been disabled, as it is not believed that
        any programs depended on it.
    
    For Debian 9 stretch, these problems have been fixed in version
    4.9.246-2.
    
    We recommend that you upgrade your linux packages.
    
    For the detailed security status of linux please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/linux
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    -- 
    Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
    
