===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0854
                         linux-4.9 security update
                               18 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux-4.9
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service      -- Remote/Unauthenticated
                   Access Privileged Data -- Existing Account
                   Increased Privileges   -- Existing Account
                   Reduced Security       -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-19407 CVE-2018-18710 CVE-2018-18690
                   CVE-2018-18281 CVE-2018-17972 CVE-2018-16862
                   CVE-2018-15471 CVE-2018-14616 CVE-2018-14614
                   CVE-2018-14613 CVE-2018-14612 CVE-2018-14611
                   CVE-2018-14610 CVE-2018-13406 CVE-2018-13100
                   CVE-2018-13097 CVE-2018-13096 CVE-2018-13053
                   CVE-2018-12896 CVE-2018-6554 CVE-2018-5848
                   CVE-2018-5391 CVE-2018-3639 CVE-2018-1129
                   CVE-2018-1128 CVE-2017-18249

Reference:         ESB-2019.0675
                   ESB-2018.2097
                   ESB-2018.1608
                   ESB-2018.1553
                   ESB-2018.1549

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : linux-4.9
Version        : 4.9.144-3.1~deb8u1
CVE ID         : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639
                 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896
                 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100
                 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612
                 CVE-2018-14613 CVE-2018-14614 CVE-2018-14616 CVE-2018-15471
                 CVE-2018-16862 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690
                 CVE-2018-18710 CVE-2018-19407
Debian Bug     : 890034 896911 907581 915229 915231

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-18249

    A race condition was discovered in the disk space allocator of
    F2FS.  A user with access to an F2FS volume could use this to cause
    a denial of service or other security impact.

CVE-2018-1128, CVE-2018-1129

    The cephx authentication protocol used by Ceph was susceptible to
    replay attacks, and calculated signatures incorrectly.  These
    vulnerabilities in the server required changes to authentication
    that are incompatible with existing clients.  The kernel's client
    code has now been updated to be compatible with the fixed server.

CVE-2018-3639 (SSB)

    Multiple researchers have discovered that Speculative Store Bypass
    (SSB), a feature implemented in many processors, could be used to
    read sensitive information from another context.  In particular,
    code in a software sandbox may be able to read sensitive
    information from outside the sandbox.  This issue is also known as
    Spectre variant 4.

    This update adds a further mitigation for this issue in the eBPF
    (Extended Berkeley Packet Filter) implementation.

CVE-2018-5391 (FragmentSmack)

    Juha-Matti Tilli discovered a flaw in the way the Linux kernel
    handled reassembly of fragmented IPv4 and IPv6 packets.  A remote
    attacker can take advantage of this flaw to trigger time and
    calculation expensive fragment reassembly algorithms by sending
    specially crafted packets, leading to remote denial of service.

    This was previously mitigated by reducing the default limits on
    memory usage for incomplete fragmented packets.  This update
    replaces that mitigation with a more complete fix.

CVE-2018-5848

    The wil6210 wifi driver did not properly validate lengths in scan
    and connection requests, leading to a possible buffer overflow.
    On systems using this driver, a local user with the CAP_NET_ADMIN
    capability could use this for denial of service (memory corruption
    or crash) or potentially for privilege escalation.

CVE-2018-12896, CVE-2018-13053

    Team OWL337 reported possible integer overflows in the POSIX
    timer implementation.
    These might have some security impact.

CVE-2018-13096, CVE-2018-13097, CVE-2018-13100, CVE-2018-14614,
CVE-2018-14616

    Wen Xu from SSLab at Gatech reported that crafted F2FS volumes
    could trigger a crash (BUG, Oops, or division by zero) and/or
    out-of-bounds memory access.  An attacker able to mount such a
    volume could use this to cause a denial of service or possibly for
    privilege escalation.

CVE-2018-13406

    Dr Silvio Cesare of InfoSect reported a potential integer overflow
    in the uvesafb driver.  A user with permission to access such a
    device might be able to use this for denial of service or
    privilege escalation.

CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613

    Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes
    could trigger a crash (Oops) and/or out-of-bounds memory access.
    An attacker able to mount such a volume could use this to cause a
    denial of service or possibly for privilege escalation.

CVE-2018-15471 (XSA-270)

    Felix Wilhelm of Google Project Zero discovered a flaw in the hash
    handling of the xen-netback Linux kernel module.  A malicious or
    buggy frontend may cause the (usually privileged) backend to make
    out of bounds memory accesses, potentially resulting in privilege
    escalation, denial of service, or information leaks.

    https://xenbits.xen.org/xsa/advisory-270.html

CVE-2018-16862

    Vasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team
    discovered that the cleancache memory management feature did not
    invalidate cached data for deleted files.  On Xen guests using the
    tmem driver, local users could potentially read data from other
    users' deleted files if they were able to create new files on the
    same volume.

CVE-2018-17972

    Jann Horn reported that the /proc/*/stack files in procfs leaked
    sensitive data from the kernel.
    These files are now only readable by users with the CAP_SYS_ADMIN
    capability (usually only root).

CVE-2018-18281

    Jann Horn reported a race condition in the virtual memory manager
    that can result in a process briefly having access to memory after
    it is freed and reallocated.  A local user could possibly exploit
    this for denial of service (memory corruption) or for privilege
    escalation.

CVE-2018-18690

    Kanda Motohiro reported that XFS did not correctly handle some
    xattr (extended attribute) writes that require changing the disk
    format of the xattr.  A user with access to an XFS volume could use
    this for denial of service.

CVE-2018-18710

    It was discovered that the cdrom driver does not correctly
    validate the parameter to the CDROM_SELECT_DISC ioctl.  A user with
    access to a cdrom device could use this to read sensitive
    information from the kernel or to cause a denial of service
    (crash).

CVE-2018-19407

    Wei Wu reported a potential crash (Oops) in the KVM implementation
    for x86 processors.  A user with access to /dev/kvm could use this
    for denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
4.9.144-3.1~deb8u1.  This version also includes fixes for Debian bugs
#890034, #896911, #907581, #915229, and #915231; and other fixes
included in upstream stable updates.

We recommend that you upgrade your linux-4.9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.