author | Ben Hutchings <ben@decadent.org.uk> | 2022-07-01 00:41:43 +0200 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-07-01 00:45:47 +0200 |
commit | a3bb9f20a8b21e3f0293fa25132aedf0f0430252 (patch) | |
tree | 6a4a7dd74ae96d8d2d8bc7e52ff59091349b2a6b /dsa-texts/4.9.320-2 | |
parent | 5d446a83da990e8d8910fca9a1551f1225682acc (diff) |
Update advisories to note additional important changes

At the end of each advisory, note:
- The stable updates included.
- The random driver changes and their visible effects. These are
  slightly different for buster as systemd moved away from using
  /dev/urandom.
- Enabling of crypto implementations for 32-bit Arm, which has
  some security impact.
- Other fixes for Debian bugs.

Diffstat (limited to 'dsa-texts/4.9.320-2')
-rw-r--r-- | dsa-texts/4.9.320-2 | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/dsa-texts/4.9.320-2 b/dsa-texts/4.9.320-2 index 7169fec7..b8bfdc34 100644 --- a/dsa-texts/4.9.320-2 +++ b/dsa-texts/4.9.320-2 @@ -36,18 +36,8 @@ CVE-2018-1108 The original fix for this issue had to be reverted because it caused the boot process to hang on many systems. In this version, - the random driver has been backported from Linux 5.19 and is more - effective in gathering entropy without needing a hardware RNG. - - Some changes will be visible: - - - The entropy pool size is now 256 bits instead of 4096. You may - need to adjust the configuration of system monitoring or - user-space entropy gathering services to allow for this. - - - On systems without a hardware RNG, the kernel will log many uses - of /dev/urandom before it is fully initialised. These uses were - previously under-counted and this is not a regression. + the random driver has been updated, making it more effective in + gathering entropy without needing a hardware RNG. CVE-2021-4149 
@@ -266,6 +256,24 @@ CVE-2022-33981 For Debian 9 stretch, these problems have been fixed in version 4.9.320-2. +For the 32-bit Arm (armel and armhf) architectures, this update +enables optimised implementations of several cryptographic and CRC +algorithms. For at least AES, this should remove a timing side- +channel that could lead to a leak of sensitive information. + +This update includes many more bug fixes from stable updates +4.9.304-4.9.320 inclusive. The random driver has been backported from +Linux 5.19, fixing numerous performance and correctness issues. Some +changes will be visible: + +- The entropy pool size is now 256 bits instead of 4096. You may need + to adjust the configuration of system monitoring or user-space + entropy gathering services to allow for this. + +- On systems without a hardware RNG, the kernel will log many more + uses of /dev/urandom before it is fully initialised. These uses + were previously under-counted and this is not a regression. + We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to |
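Review bot: In the first hunk (CVE-2018-1108 entry), the reworded sentence "the random driver has been updated" no longer says where the update comes from and gives no pointer to the visible changes (entropy pool size, /dev/urandom log messages) that this patch moves to the end of the advisory. Someone reading only the CVE entry would miss them; consider adding a short cross-reference such as "see the notes at the end of this advisory" after "without needing a hardware RNG."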
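Review bot: In the second hunk (added closing paragraphs), "stable updates 4.9.304-4.9.320 inclusive" uses a hyphen for the range, which is easy to misread next to the package version 4.9.320-2 two lines above; "4.9.304 through 4.9.320" would be unambiguous. Separately, the commit message lists "Other fixes for Debian bugs" among the items to note at the end of each advisory, but this hunk adds no such item; if there are none for stretch that is fine, otherwise they are missing here.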