From 5d446a83da990e8d8910fca9a1551f1225682acc Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 1 Jul 2022 00:09:04 +0200 Subject: Add advisory texts for today's stretch and buster uploads --- dsa-texts/4.19.249-2 | 273 ++++++++++++++++++++++++++++++++++++++++++++++++++ dsa-texts/4.9.320-2 | 277 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 550 insertions(+) create mode 100644 dsa-texts/4.19.249-2 create mode 100644 dsa-texts/4.9.320-2 diff --git a/dsa-texts/4.19.249-2 b/dsa-texts/4.19.249-2 new file mode 100644 index 00000000..34f77df7 --- /dev/null +++ b/dsa-texts/4.19.249-2 
@@ -0,0 +1,273 @@ +From: Ben Hutchings +To: debian-security-announce@lists.debian.org +Subject: [SECURITY] [DSA XXXX-1] linux security update + +------------------------------------------------------------------------- +Debian Security Advisory DSA-XXXX-1 security@debian.org +https://www.debian.org/security/ Ben Hutchings +June 30, 2022 https://www.debian.org/security/faq +------------------------------------------------------------------------- + +Package : linux +CVE ID : CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 + CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 + CVE-2022-1184 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 + CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1419 + CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 + CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 + CVE-2022-21125 CVE-2022-21166 CVE-2022-23960 CVE-2022-26490 + CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 + CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250 + CVE-2022-32296 CVE-2022-32981 CVE-2022-33981 +Debian Bug : 922204 1006346 1013299 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2021-4197 + + Eric Biederman reported that incorrect permission checks in the + cgroup process migration implementation can allow a local attacker + to escalate privileges. + +CVE-2022-0494 + + The scsi_ioctl() was susceptible to an information leak only + exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO + capabilities. + +CVE-2022-0812 + + It was discovered that the RDMA transport for NFS (xprtrdma) + miscalculated the size of message headers, which could lead to a + leak of sensitive information between NFS servers and clients. + +CVE-2022-0854 + + Ali Haider discovered a potential information leak in the DMA + subsystem. 
On systems where the swiotlb feature is needed, this + might allow a local user to read sensitive information. + +CVE-2022-1011 + + Jann Horn discovered a flaw in the FUSE (Filesystem in User-Space) + implementation. A local user permitted to mount FUSE filesystems + could exploit this to cause a use-after-free and read sensitive + information. + +CVE-2022-1012, CVE-2022-32296 + + Moshe Kol, Amit Klein, and Yossi Gilad discovered a weakness + in randomisation of TCP source port selection. + +CVE-2022-1016 + + David Bouman discovered a flaw in the netfilter subsystem where + the nft_do_chain function did not initialize register data that + nf_tables expressions can read from and write to. A local attacker + can take advantage of this to read sensitive information. + +CVE-2022-1048 + + Hu Jiahui discovered a race condition in the sound subsystem that + can result in a use-after-free. A local user permitted to access a + PCM sound device can take advantage of this flaw to crash the + system or potentially for privilege escalation. + +CVE-2022-1184 + + A flaw was discovered in the ext4 filesystem driver which can lead + to a use-after-free. A local user permitted to mount arbitrary + filesystems could exploit this to cause a denial of service (crash + or memory corruption) or possibly for privilege escalation. + +CVE-2022-1195 + + Lin Ma discovered race conditions in the 6pack and mkiss hamradio + drivers, which could lead to a use-after-free. A local user could + exploit these to cause a denial of service (memory corruption or + crash) or possibly for privilege escalation. + +CVE-2022-1198 + + Duoming Zhou discovered a race condition in the 6pack hamradio + driver, which could lead to a use-after-free. A local user could + exploit this to cause a denial of service (memory corruption or + crash) or possibly for privilege escalation. 
+ +CVE-2022-1199, CVE-2022-1204, CVE-2022-1205 + + Duoming Zhou discovered race conditions in the AX.25 hamradio + protocol, which could lead to a use-after-free or null pointer + dereference. A local user could exploit this to cause a denial of + service (memory corruption or crash) or possibly for privilege + escalation. + +CVE-2022-1353 + + The TCS Robot tool found an information leak in the PF_KEY + subsystem. A local user can receive a netlink message when an + IPsec daemon registers with the kernel, and this could include + sensitive information. + +CVE-2022-1419 + + Minh Yuan discovered a race condition in the vgem virtual GPU + driver that can lead to a use-after-free. A local user permitted + to access the GPU device can exploit this to cause a denial of + service (crash or memory corruption) or possibly for privilege + escalation. + +CVE-2022-1516 + + A NULL pointer dereference flaw in the implementation of the X.25 + set of standardized network protocols, which can result in denial + of service. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-1652 + + Minh Yuan discovered a race condition in the floppy driver that + can lead to a use-after-free. A local user permitted to access a + floppy drive device can exploit this to cause a denial of service + (crash or memory corruption) or possibly for privilege escalation. + +CVE-2022-1729 + + Norbert Slusarek discovered a race condition in the perf subsystem + which could result in local privilege escalation to root. The + default settings in Debian prevent exploitation unless more + permissive settings have been applied in the + kernel.perf_event_paranoid sysctl. + +CVE-2022-1734 + + Duoming Zhou discovered race conditions in the nfcmrvl NFC driver + that could lead to a use-after-free, double-free or null pointer + dereference. A local user might be able to exploit these for + denial of service (crash or memory corruption) or possibly for + privilege escalation. 
+ + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-1974, CVE-2022-1975 + + Duoming Zhou discovered that the NFC netlink interface was + suspectible to denial of service. + +CVE-2022-2153 + + "kangel" reported a flaw in the KVM implementation for x86 + processors which could lead to a null pointer dereference. A local + user permitted to access /dev/kvm could exploit this to cause a + denial of service (crash). + +CVE-2022-21123, CVE-2022-21125, CVE-2022-21166 + + Various researchers discovered flaws in Intel x86 processors, + collectively referred to as MMIO Stale Data vulnerabilities. + These are similar to the previously published Microarchitectural + Data Sampling (MDS) issues and could be exploited by local users + to leak sensitive information. + + For some CPUs, the mitigations for these issues require updated + microcode. An updated intel-microcode package may be provided at + a later date. The updated CPU microcode may also be available as + part of a system firmware ("BIOS") update. + + Further information on the mitigation can be found at + + or in the linux-doc-4.19 package. + +CVE-2022-23960 + + Researchers at VUSec discovered that the Branch History Buffer in + Arm processors can be exploited to create information side- + channels with speculative execution. This issue is similar to + Spectre variant 2, but requires additional mitigations on some + processors. + + This can be exploited to obtain sensitive information from a + different security context, such as from user-space to the kernel, + or from a KVM guest to the kernel. + +CVE-2022-26490 + + Buffer overflows in the STMicroelectronics ST21NFCA core driver + can result in denial of service or privilege escalation. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-27666 + + "valis" reported a possible buffer overflow in the IPsec ESP + transformation code. 
A local user can take advantage of this flaw + to cause a denial of service or for privilege escalation. + +CVE-2022-28356 + + "Beraphin" discovered that the ANSI/IEEE 802.2 LLC type 2 driver did + not properly perform reference counting on some error paths. A + local attacker can take advantage of this flaw to cause a denial + of service. + +CVE-2022-28388 + + A double free vulnerability was discovered in the 8 devices + USB2CAN interface driver. + +CVE-2022-28389 + + A double free vulnerability was discovered in the Microchip CAN + BUS Analyzer interface driver. + +CVE-2022-28390 + + A double free vulnerability was discovered in the EMS CPC-USB/ARM7 + CAN/USB interface driver. + +CVE-2022-29581 + + Kyle Zeng discovered a reference-counting bug in the cls_u32 + network classifier which can lead to a use-after-free. A local + user can exploit this to cause a denial of service (crash or + memory corruption) or possibly for privilege escalation. + +CVE-2022-30594 + + Jann Horn discovered a flaw in the interaction between ptrace and + seccomp subsystems. A process sandboxed using seccomp() but still + permitted to use ptrace() could exploit this to remove the seccomp + restrictions. + +CVE-2022-32250 + + Aaron Adams discovered a use-after-free in Netfilter which may + result in local privilege escalation to root. + +CVE-2022-33981 + + Yuan Ming from Tsinghua University reported a a race condition in + the floppy driver involving use of the FDRAWCMD ioctl, which could + lead to a use-after-free. A local user with access to a floppy + drive device could exploit this to cause a denial of service + (crash or memory corruption) or possibly for privilege escalation. + This ioctl is now disabled by default. + +For the oldstable distribution (buster), these problems have been fixed +in version 4.19.249-2. + +We recommend that you upgrade your linux packages. 
+ +For the detailed security status of linux please refer to +its security tracker page at: +https://security-tracker.debian.org/tracker/linux + +Further information about Debian Security Advisories, how to apply +these updates to your system and frequently asked questions can be +found at: https://www.debian.org/security/ diff --git a/dsa-texts/4.9.320-2 b/dsa-texts/4.9.320-2 new file mode 100644 index 00000000..7169fec7 --- /dev/null +++ b/dsa-texts/4.9.320-2 
@@ -0,0 +1,277 @@ +From: Ben Hutchings +To: debian-lts-announce@lists.debian.org +Subject: [SECURITY] [DLA 3065-1] linux security update + +------------------------------------------------------------------------- +Debian LTS Advisory DLA-3065-1 debian-lts@lists.debian.org +https://www.debian.org/lts/security/ Ben Hutchings +June 30, 2022 https://wiki.debian.org/LTS +------------------------------------------------------------------------- + +Package : linux +Version : 4.9.320-2 +CVE ID : CVE-2018-1108 CVE-2021-4149 CVE-2021-39713 CVE-2022-0494 + CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 + CVE-2022-1016 CVE-2022-1198 CVE-2022-1199 CVE-2022-1353 + CVE-2022-1516 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 + CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 + CVE-2022-21166 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 + CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 + CVE-2022-23960 CVE-2022-24958 CVE-2022-26490 CVE-2022-26966 + CVE-2022-27223 CVE-2022-28356 CVE-2022-28390 CVE-2022-30594 + CVE-2022-32250 CVE-2022-32296 CVE-2022-33981 +Debian Bug : 922204 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2018-1108 + + It was discovered that the random driver could generate random + bytes through /dev/random and the getrandom() system call before + gathering enough entropy that these would be unpredictable. This + could compromise the confidentiality and integrity of encrypted + communications. + + The original fix for this issue had to be reverted because it + caused the boot process to hang on many systems. In this version, + the random driver has been backported from Linux 5.19 and is more + effective in gathering entropy without needing a hardware RNG. + + Some changes will be visible: + + - The entropy pool size is now 256 bits instead of 4096. 
You may + need to adjust the configuration of system monitoring or + user-space entropy gathering services to allow for this. + + - On systems without a hardware RNG, the kernel will log many uses + of /dev/urandom before it is fully initialised. These uses were + previously under-counted and this is not a regression. + +CVE-2021-4149 + + Hao Sun reported a flaw in the Btrfs fileysstem driver. There + is a potential lock imbalance in an error path. A local user + might be able to exploit this for denial of service. + +CVE-2021-39713 + + The syzbot tool found a race condition in the network scheduling + subsystem which could lead to a use-after-free. A local user + could exploit this for denial of service (memory corruption or + crash) or possibly for privilege escalation. + +CVE-2022-0494 + + The scsi_ioctl() was susceptible to an information leak only + exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO + capabilities. + +CVE-2022-0812 + + It was discovered that the RDMA transport for NFS (xprtrdma) + miscalculated the size of message headers, which could lead to a + leak of sensitive information between NFS servers and clients. + +CVE-2022-0854 + + Ali Haider discovered a potential information leak in the DMA + subsystem. On systems where the swiotlb feature is needed, this + might allow a local user to read sensitive information. + +CVE-2022-1011 + + Jann Horn discovered a flaw in the FUSE (Filesystem in User-Space) + implementation. A local user permitted to mount FUSE filesystems + could exploit this to cause a use-after-free and read sensitive + information. + +CVE-2022-1012, CVE-2022-32296 + + Moshe Kol, Amit Klein, and Yossi Gilad discovered a weakness + in randomisation of TCP source port selection. + +CVE-2022-1016 + + David Bouman discovered a flaw in the netfilter subsystem where + the nft_do_chain function did not initialize register data that + nf_tables expressions can read from and write to. 
A local attacker + can take advantage of this to read sensitive information. + +CVE-2022-1198 + + Duoming Zhou discovered a race condition in the 6pack hamradio + driver, which could lead to a use-after-free. A local user could + exploit this to cause a denial of service (memory corruption or + crash) or possibly for privilege escalation. + +CVE-2022-1199 + + Duoming Zhou discovered race conditions in the AX.25 hamradio + protocol, which could lead to a use-after-free or null pointer + dereference. A local user could exploit this to cause a denial of + service (memory corruption or crash) or possibly for privilege + escalation. + +CVE-2022-1353 + + The TCS Robot tool found an information leak in the PF_KEY + subsystem. A local user can receive a netlink message when an + IPsec daemon registers with the kernel, and this could include + sensitive information. + +CVE-2022-1516 + + A NULL pointer dereference flaw in the implementation of the X.25 + set of standardized network protocols, which can result in denial + of service. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-1729 + + Norbert Slusarek discovered a race condition in the perf subsystem + which could result in local privilege escalation to root. The + default settings in Debian prevent exploitation unless more + permissive settings have been applied in the + kernel.perf_event_paranoid sysctl. + +CVE-2022-1734 + + Duoming Zhou discovered race conditions in the nfcmrvl NFC driver + that could lead to a use-after-free, double-free or null pointer + dereference. A local user might be able to exploit these for + denial of service (crash or memory corruption) or possibly for + privilege escalation. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-1974, CVE-2022-1975 + + Duoming Zhou discovered that the NFC netlink interface was + suspectible to denial of service. 
+ +CVE-2022-2153 + + "kangel" reported a flaw in the KVM implementation for x86 + processors which could lead to a null pointer dereference. A local + user permitted to access /dev/kvm could exploit this to cause a + denial of service (crash). + +CVE-2022-21123, CVE-2022-21125, CVE-2022-21166 + + Various researchers discovered flaws in Intel x86 processors, + collectively referred to as MMIO Stale Data vulnerabilities. + These are similar to the previously published Microarchitectural + Data Sampling (MDS) issues and could be exploited by local users + to leak sensitive information. + + For some CPUs, the mitigations for these issues require updated + microcode. An updated intel-microcode package may be provided at + a later date. The updated CPU microcode may also be available as + part of a system firmware ("BIOS") update. + + Further information on the mitigation can be found at + + or in the linux-doc-4.9 package. + +CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, +CVE-2022-23040, CVE-2022-23041, CVE-2022-23042 (XSA-396) + + Demi Marie Obenour and Simon Gaiser of Invisible Things Lab + discovered flaws in several Xen PV device frontends. These drivers + misused the Xen grant table API in a way that could be exploited + by a malicious device backend to cause data corruption, leaks of + sensitive information, or a denial of service (crash). + +CVE-2022-23960 + + Researchers at VUSec discovered that the Branch History Buffer in + Arm processors can be exploited to create information side- + channels with speculative execution. This issue is similar to + Spectre variant 2, but requires additional mitigations on some + processors. + + This can be exploited to obtain sensitive information from a + different security context, such as from user-space to the kernel, + or from a KVM guest to the kernel. + +CVE-2022-24958 + + A flaw was discovered that the USB gadget subsystem that could + lead to a use-after-free. 
A local user permitted to configure USB + gadgets could exploit this to cause a denial of service (crash or + memory corruption) or possibly for privilege escalation. + +CVE-2022-26490 + + Buffer overflows in the STMicroelectronics ST21NFCA core driver + can result in denial of service or privilege escalation. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-26966 + + A flaw was discovered in the sr9700 USB networking driver. A local + user able to attach a specially designed USB device could use this + to leak sensitive information. + +CVE-2022-27223 + + A flaw was discovered in the udc-xilinx USB gadget-mode controller + driver. On systems using this driver, a malicious USB host could + exploit this to cause a denial of service (crash or memory + corruption) or possibly to execute arbitrary code. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-28356 + + "Beraphin" discovered that the ANSI/IEEE 802.2 LLC type 2 driver did + not properly perform reference counting on some error paths. A + local attacker can take advantage of this flaw to cause a denial + of service. + +CVE-2022-28390 + + A double free vulnerability was discovered in the EMS CPC-USB/ARM7 + CAN/USB interface driver. + +CVE-2022-30594 + + Jann Horn discovered a flaw in the interaction between ptrace and + seccomp subsystems. A process sandboxed using seccomp() but still + permitted to use ptrace() could exploit this to remove the seccomp + restrictions. + +CVE-2022-32250 + + Aaron Adams discovered a use-after-free in Netfilter which may + result in local privilege escalation to root. + +CVE-2022-33981 + + Yuan Ming from Tsinghua University reported a a race condition in + the floppy driver involving use of the FDRAWCMD ioctl, which could + lead to a use-after-free. 
+ A local user with access to a floppy + drive device could exploit this to cause a denial of service + (crash or memory corruption) or possibly for privilege escalation. + This ioctl is now disabled by default. + +For Debian 9 stretch, these problems have been fixed in version +4.9.320-2. + +We recommend that you upgrade your linux packages. + +For the detailed security status of linux please refer to +its security tracker page at: +https://security-tracker.debian.org/tracker/linux + +Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: https://wiki.debian.org/LTS
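Review bot: in the dsa-texts/4.19.249-2 hunk the advisory number is still the unassigned placeholder in both the Subject ("[DSA XXXX-1]") and the header line ("Debian Security Advisory DSA-XXXX-1"), whereas the 4.9.320-2 text already carries its DLA number; fill it in before the text is sent, or say in the commit message that the number is assigned at send time. In the same file the MMIO Stale Data entry reads "Further information on the mitigation can be found at" followed by an empty line, so the documentation link is missing; the next line already points readers at the linux-doc-4.19 package, so the link should name the document they are expected to find there. Wording nits: "suspectible" should be "susceptible" (CVE-2022-1974, CVE-2022-1975), "reported a a race condition" has a doubled "a" (CVE-2022-33981), "The scsi_ioctl() was susceptible" needs a noun such as "function" after the call name (CVE-2022-0494), and the CVE-2022-1516 entry is a sentence fragment ("A NULL pointer dereference flaw in the implementation of the X.25 ... which can result in denial of service.") that wants a verb, e.g. "was found in the implementation ..., which can result ...".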
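Review bot: the dsa-texts/4.9.320-2 hunk has several typos that should be fixed before the DLA goes out: "Btrfs fileysstem driver" should be "filesystem" (CVE-2021-4149), "suspectible" should be "susceptible" (CVE-2022-1974, CVE-2022-1975), "reported a a race condition" doubles the article (CVE-2022-33981), and "A flaw was discovered that the USB gadget subsystem that could lead to a use-after-free" should read "A flaw was discovered in the USB gadget subsystem that could lead to a use-after-free" (CVE-2022-24958). As in the 4.19 text, the MMIO Stale Data entry's "Further information on the mitigation can be found at" is followed by an empty line rather than a link, and the CVE-2022-0494 and CVE-2022-1516 entries repeat the missing-noun and sentence-fragment wording. The CVE-2018-1108 entry is the model to follow: it tells administrators which behavioural changes to expect (the 256-bit entropy pool and the additional /dev/urandom log messages on systems without a hardware RNG) rather than only describing the flaw, which is exactly what someone operating a stretch system needs before upgrading.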