Bug#928989: linux-image-4.19.0-4-amd64: CVE-2019-11815

Tue, 14 May 2019 11:39:37 -0700 

Package: src:linux
Version: 4.19.28-2
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux 
kernel before 5.0.8. 
There is a race condition leading to a use-after-free, related to net namespace 
cleanup.

the security-tracker is tracking this issue but there does not seem to be a bug 
report for it

https://security-tracker.debian.org/tracker/CVE-2019-11815

Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63

currently affects: buster/testing, stable
currently does not affect: sid


-- Package-specific info:
** Version:
Linux version 4.19.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 
8.3.0 (Debian 8.3.0-2)) #1 SMP Debian 4.19.28-2 (2019-03-15)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.19.0-4-amd64 
root=UUID=6fa86bad-c261-44db-8fc0-f7bd76dc2be3 ro quiet

** Not tainted

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-4.19.0-4-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.133
ii  kmod                                    26-1
ii  linux-base                              4.5

Versions of packages linux-image-4.19.0-4-amd64 recommends:
ii  apparmor             2.13.2-10
ii  firmware-linux-free  3.4
ii  irqbalance           1.5.0-3

Versions of packages linux-image-4.19.0-4-amd64 suggests:
ii  debian-kernel-handbook  1.0.19
ii  grub-pc                 2.02+dfsg1-16
pn  linux-doc-4.19          <none>

Versions of packages linux-image-4.19.0-4-amd64 is related to:
pn  firmware-amd-graphics     <none>
pn  firmware-atheros          <none>
pn  firmware-bnx2             <none>
pn  firmware-bnx2x            <none>
pn  firmware-brcm80211        <none>
pn  firmware-cavium           <none>
pn  firmware-intel-sound      <none>
pn  firmware-intelwimax       <none>
pn  firmware-ipw2x00          <none>
pn  firmware-ivtv             <none>
pn  firmware-iwlwifi          <none>
pn  firmware-libertas         <none>
pn  firmware-linux-nonfree    <none>
pn  firmware-misc-nonfree     <none>
pn  firmware-myricom          <none>
pn  firmware-netxen           <none>
pn  firmware-qlogic           <none>
pn  firmware-realtek          <none>
pn  firmware-samsung          <none>
pn  firmware-siano            <none>
pn  firmware-ti-connectivity  <none>
pn  xen-hypervisor            <none>

-- debconf-show failed

Reply via email to