Removed:
  linux-headers-4.19-686-pae         4.19+105+deb10u7~deb9u1
  linux-headers-4.19-amd64           4.19+105+deb10u7~deb9u1
  linux-headers-4.19-cloud-amd64     4.19+105+deb10u7~deb9u1
  linux-image-4.19-686-pae           4.19+105+deb10u7~deb9u1
  linux-image-4.19-amd64             4.19+105+deb10u7~deb9u1
  linux-image-4.19-cloud-amd64       4.19+105+deb10u7~deb9u1

  linux-config-4.19                        4.19.152-1~deb9u1
  linux-doc-4.19                           4.19.152-1~deb9u1
  linux-headers-4.19.0-0.bpo.12-686-pae    4.19.152-1~deb9u1
  linux-headers-4.19.0-0.bpo.12-amd64      4.19.152-1~deb9u1
  linux-headers-4.19.0-0.bpo.12-common     4.19.152-1~deb9u1
  linux-image-4.19.0-0.bpo.12-686-pae      4.19.152-1~deb9u1
  linux-image-4.19.0-0.bpo.12-amd64        4.19.152-1~deb9u1
  linux-kbuild-4.19                        4.19.152-1~deb9u1
  linux-support-4.19.0-0.bpo.12            4.19.152-1~deb9u1

Upgraded to new release: 4.19.0-0.bpo.13
So new extra modules compiled.

On Thu, Dec 10, 2020 at 12:11:34PM +0100, Ben Hutchings wrote:
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-2483-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                        Ben Hutchings
> December 05, 2020                             https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package        : linux-4.19
> Version        : 4.19.160-2~deb9u1
> CVE ID         : CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816
>                  CVE-2020-0423 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656
>                  CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705
>                  CVE-2020-27673 CVE-2020-27675 CVE-2020-28941 CVE-2020-28974
> Debian Bug     : 949863 968623 971058
>
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to the execution of arbitrary code, privilege escalation,
> denial of service or information leaks.
>
> CVE-2019-19039
>
>     "Team bobfuzzer" reported a bug in Btrfs that could lead to an
>     assertion failure (WARN).  A user permitted to mount and access
>     arbitrary filesystems could use this to cause a denial of service
>     (crash) if the panic_on_warn kernel parameter is set.
>
> CVE-2019-19377
>
>     "Team bobfuzzer" reported a bug in Btrfs that could lead to a
>     use-after-free.  A user permitted to mount and access arbitrary
>     filesystems could use this to cause a denial of service (crash or
>     memory corruption) or possibly for privilege escalation.
>
> CVE-2019-19770
>
>     The syzbot tool discovered a race condition in the block I/O
>     tracer (blktrace) that could lead to a system crash.  Since
>     blktrace can only be controlled by privileged users, the security
>     impact of this is unclear.
>
> CVE-2019-19816
>
>     "Team bobfuzzer" reported a bug in Btrfs that could lead to an
>     out-of-bounds write.  A user permitted to mount and access
>     arbitrary filesystems could use this to cause a denial of service
>     (crash or memory corruption) or possibly for privilege escalation.
>
> CVE-2020-0423
>
>     A race condition was discovered in the Android binder driver, that
>     could result in a use-after-free.  On systems using this driver, a
>     local user could use this to cause a denial of service (crash or
>     memory corruption) or possibly for privilege escalation.
>
> CVE-2020-8694
>
>     Multiple researchers discovered that the powercap subsystem
>     allowed all users to read CPU energy meters, by default.  On
>     systems using Intel CPUs, this provided a side channel that could
>     leak sensitive information between user processes, or from the
>     kernel to user processes.  The energy meters are now readable only
>     by root, by default.
>
>     This issue can be mitigated by running:
>
>         chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj
>
>     This needs to be repeated each time the system is booted with
>     an unfixed kernel version.
>
> CVE-2020-14351
>
>     A race condition was discovered in the performance events
>     subsystem, which could lead to a use-after-free.  A local user
>     permitted to access performance events could use this to cause a
>     denial of service (crash or memory corruption) or possibly for
>     privilege escalation.
>
>     Debian's kernel configuration does not allow unprivileged users to
>     access performance events by default, which fully mitigates this
>     issue.
>
> CVE-2020-25656
>
>     Yuan Ming and Bodong Zhao discovered a race condition in the
>     virtual terminal (vt) driver that could lead to a use-after-free.
>     A local user with the CAP_SYS_TTY_CONFIG capability could use this
>     to cause a denial of service (crash or memory corruption) or
>     possibly for privilege escalation.
>
> CVE-2020-25668
>
>     Yuan Ming and Bodong Zhao discovered a race condition in the
>     virtual terminal (vt) driver that could lead to a use-after-free.
>     A local user with access to a virtual terminal, or with the
>     CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of
>     service (crash or memory corruption) or possibly for privilege
>     escalation.
>
> CVE-2020-25669
>
>     Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)
>     that could lead to a use-after-free.  On a system using this
>     driver, a local user could use this to cause a denial of service
>     (crash or memory corruption) or possibly for privilege escalation.
>
> CVE-2020-25704
>
>     kiyin(尹亮) discovered a potential memory leak in the performance
>     events subsystem.  A local user permitted to access performance
>     events could use this to cause a denial of service (memory
>     exhaustion).
>
>     Debian's kernel configuration does not allow unprivileged users to
>     access performance events by default, which fully mitigates this
>     issue.
>
> CVE-2020-25705
>
>     Keyu Man reported that strict rate-limiting of ICMP packet
>     transmission provided a side-channel that could help networked
>     attackers to carry out packet spoofing.  In particular, this made
>     it practical for off-path networked attackers to "poison" DNS
>     caches with spoofed responses ("SAD DNS" attack).
>
>     This issue has been mitigated by randomising whether packets are
>     counted against the rate limit.
>
> CVE-2020-27673 / XSA-332
>
>     Julien Grall from Arm discovered a bug in the Xen event handling
>     code.  Where Linux was used in a Xen dom0, unprivileged (domU)
>     guests could cause a denial of service (excessive CPU usage or
>     hang) in dom0.
>
> CVE-2020-27675 / XSA-331
>
>     Jinoh Kang of Theori discovered a race condition in the Xen event
>     handling code.  Where Linux was used in a Xen dom0, unprivileged
>     (domU) guests could cause a denial of service (crash) in dom0.
>
> CVE-2020-28941
>
>     Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen
>     reader subsystem.  Speakup assumed that it would only be bound to
>     one terminal (tty) device at a time, but did not enforce this.  A
>     local user could exploit this bug to cause a denial of service
>     (crash or memory exhaustion).
>
> CVE-2020-28974
>
>     Yuan Ming discovered a bug in the virtual terminal (vt) driver
>     that could lead to an out-of-bounds read.  A local user with
>     access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG
>     capability, could possibly use this to obtain sensitive
>     information from the kernel or to cause a denial of service
>     (crash).
>
>     The specific ioctl operation affected by this bug
>     (KD_FONT_OP_COPY) has been disabled, as it is not believed that
>     any programs depended on it.
>
> For Debian 9 stretch, these problems have been fixed in version
> 4.19.160-2~deb9u1.
>
> We recommend that you upgrade your linux-4.19 packages.
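The CVE-2020-8694 mitigation quoted above has to be reapplied on every boot of an unfixed kernel, so a host running the backport kernel wants a check that the energy counters are no longer group- or world-readable. The script below is an added example, not part of the advisory or of Debian's packaging: it audits and applies the advisory's `chmod go-r` on a powercap root passed as a parameter, and exercises itself on a constructed stand-in for the sysfs tree (the `intel-rapl` directory names and counter values are made up for the demonstration; on a real host pass `/sys/devices/virtual/powercap`).

```shell
#!/bin/sh
# Added example: audit and apply the CVE-2020-8694 mitigation
# ("chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj").
# The powercap root is a parameter so the functions can be run against a
# constructed tree; on a real host pass /sys/devices/virtual/powercap.

# List every energy_uj node under $1 whose mode still grants read access
# to group or others.  Returns 0 if nothing is exposed, 1 otherwise.
powercap_exposed() {
    exposed=0
    for f in "$1"/*/*/energy_uj; do
        [ -e "$f" ] || continue
        perm=$(stat -c '%A' "$f")        # GNU stat, e.g. -r--r--r--
        case $perm in
            # 5th character is the group read bit, 8th the other read bit
            ????r*|???????r*) echo "exposed: $f ($perm)"; exposed=1 ;;
        esac
    done
    return $exposed
}

# Apply the advisory's mitigation under $1 (needs root on the real sysfs).
powercap_harden() {
    for f in "$1"/*/*/energy_uj; do
        [ -e "$f" ] || continue
        chmod go-r "$f"
    done
}

# Constructed stand-in for the sysfs tree, with world-readable counters
# as an unfixed kernel exposes them.  Names and values are made up.
make_fake_powercap() {
    for d in intel-rapl/intel-rapl:0 intel-rapl/intel-rapl:1; do
        mkdir -p "$1/$d"
        echo 123456789 > "$1/$d/energy_uj"
        chmod 444 "$1/$d/energy_uj"
    done
}

# Demonstration on the constructed tree: exposed before, clean after.
demo() {
    tmp=$(mktemp -d)
    make_fake_powercap "$tmp"
    echo "before:"; powercap_exposed "$tmp" || true
    powercap_harden "$tmp"
    echo "after:"; powercap_exposed "$tmp" && echo "no energy_uj node readable by group/others"
    rm -rf "$tmp"
}
demo
```

Run `powercap_exposed /sys/devices/virtual/powercap` from a boot-time unit or cron job on an unfixed kernel and follow it with `powercap_harden` when it returns non-zero.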