diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2020-08-12 18:32:51 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-08-12 18:32:51 +0100 |
commit | 9db458c1dae9942c673cc29fb111342b63a605b3 (patch) | |
tree | 3ab045ab6fdd7c530d78236c16c23b0a5cd8eaf9 | |
parent | 282d85002083f627def2520a6ec3d5b5de3de543 (diff) |
Add DLAs for firmware and kernel backports
These cover the backported packages firmware-nonfree, linux-4.9, and
linux-latest-4.19.
-rw-r--r-- | english/lts/security/2020/dla-2321.data | 9 | ||||
-rw-r--r-- | english/lts/security/2020/dla-2321.wml | 19 | ||||
-rw-r--r-- | english/lts/security/2020/dla-2323.data | 10 | ||||
-rw-r--r-- | english/lts/security/2020/dla-2323.wml | 112 | ||||
-rw-r--r-- | english/lts/security/2020/dla-2324.data | 9 | ||||
-rw-r--r-- | english/lts/security/2020/dla-2324.wml | 40 |
6 files changed, 199 insertions, 0 deletions
diff --git a/english/lts/security/2020/dla-2321.data b/english/lts/security/2020/dla-2321.data new file mode 100644 index 00000000000..9de5ff2cd77 --- /dev/null +++ b/english/lts/security/2020/dla-2321.data @@ -0,0 +1,9 @@ +<define-tag pagetitle>DLA-2321-1 firmware-nonfree</define-tag> +<define-tag report_date>2020-08-11</define-tag> +<define-tag packages>firmware-nonfree</define-tag> +<define-tag isvulnerable>no</define-tag> +<define-tag fixed>no</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2020/dla-2321.wml b/english/lts/security/2020/dla-2321.wml new file mode 100644 index 00000000000..ccaab75ae3b --- /dev/null +++ b/english/lts/security/2020/dla-2321.wml @@ -0,0 +1,19 @@ +<define-tag description>LTS new upstream version</define-tag> +<define-tag moreinfo> +<p>The firmware-nonfree package has been updated to include additional +firmware that may be requested by some drivers in Linux 4.19.</p> + +<p>Along with additional kernel packages that will be announced later, +this will provide a supported upgrade path for systems that currently +use kernel and firmware packages from the "stretch-backports" suite.</p> + +<p>This update is not known to fix any security issues.</p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2020/dla-2321.data" +# $Id: $ diff --git a/english/lts/security/2020/dla-2323.data b/english/lts/security/2020/dla-2323.data new file mode 100644 index 00000000000..6da3e564bd9 --- /dev/null +++ b/english/lts/security/2020/dla-2323.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-2323-1 linux-4.19</define-tag> +<define-tag report_date>2020-08-12</define-tag> +<define-tag secrefs>CVE-2019-18814 CVE-2019-18885 CVE-2019-20810 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-12655 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393 Bug#958300 Bug#960493 Bug#962254 Bug#963493 Bug#964153 Bug#964480 Bug#965365</define-tag> +<define-tag packages>linux-4.19</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2020/dla-2323.wml b/english/lts/security/2020/dla-2323.wml new file mode 100644 index 00000000000..56346fd4c70 --- /dev/null +++ b/english/lts/security/2020/dla-2323.wml @@ -0,0 +1,112 @@ +<define-tag description>LTS new package</define-tag> +<define-tag moreinfo> +<p>Linux 4.19 has been packaged for Debian 9 as linux-4.19. This +provides a supported upgrade path for systems that currently use +kernel packages from the "stretch-backports" suite.</p> + +<p>There is no need to upgrade systems using Linux 4.9, as that kernel +version will also continue to be supported in the LTS period.</p> + +<p>This backport does not include the following binary packages:</p> + +<blockquote>hyperv-daemons libbpf-dev libbpf4.19 libcpupower-dev libcpupower1 +liblockdep-dev liblockdep4.19 linux-compiler-gcc-6-arm +linux-compiler-gcc-6-x86 linux-cpupower linux-libc-dev lockdep +usbip</blockquote> + +<p>Older versions of most of those are built from the linux source +package in Debian 9.</p> + +<p>The kernel images and modules will not be signed for use on systems +with Secure Boot enabled, as there is no support for this in Debian 9.</p> + +<p>Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or information leak.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-18814">CVE-2019-18814</a> + + <p>Navid Emamdoost reported a potential use-after-free in the + AppArmor security module, in the case that audit rule + initialisation fails. The security impact of this is unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-18885">CVE-2019-18885</a> + + <p>The <q>bobfuzzer</q> team discovered that crafted Btrfs volumes could + trigger a crash (oops). An attacker able to mount such a volume + could use this to cause a denial of service.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-20810">CVE-2019-20810</a> + + <p>A potential memory leak was discovered in the go7007 media driver. + The security impact of this is unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10766">CVE-2020-10766</a> + + <p>Anthony Steinhauser reported a flaw in the mitigation for + Speculative Store Bypass (<a href="https://security-tracker.debian.org/tracker/CVE-2018-3639">CVE-2018-3639</a>) on x86 CPUs. A local + user could use this to temporarily disable SSB mitigation in other + users' tasks. If those other tasks run sandboxed code, this would + allow that code to read sensitive information in the same process + but outside the sandbox.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10767">CVE-2020-10767</a> + + <p>Anthony Steinhauser reported a flaw in the mitigation for Spectre + variant 2 (<a href="https://security-tracker.debian.org/tracker/CVE-2017-5715">CVE-2017-5715</a>) on x86 CPUs. Depending on which other + mitigations the CPU supports, the kernel might not use IBPB to + mitigate Spectre variant 2 in user-space. A local user could use + this to read sensitive information from other users' processes.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10768">CVE-2020-10768</a> + + <p>Anthony Steinhauser reported a flaw in the mitigation for Spectre + variant 2 (<a href="https://security-tracker.debian.org/tracker/CVE-2017-5715">CVE-2017-5715</a>) on x86 CPUs. After a task force disabled indirect branch speculation through prctl(), it could + still re-enable it later, so it was not possible to override a + program that explicitly enabled it.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-12655">CVE-2020-12655</a> + + <p>Zheng Bin reported that crafted XFS volumes could trigger a system + hang. An attacker able to mount such a volume could use this to + cause a denial of service.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-12771">CVE-2020-12771</a> + + <p>Zhiqiang Liu reported a bug in the bcache block driver that could + lead to a system hang. The security impact of this is unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-13974">CVE-2020-13974</a> + + <p>Kyungtae Kim reported a potential integer overflow in the vt + (virtual terminal) driver. The security impact of this is + unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-15393">CVE-2020-15393</a> + + <p>Kyungtae Kim reported a memory leak in the usbtest driver. The + security impact of this is unclear.</p></li> + +</ul> + +<p>For Debian 9 <q>Stretch</q>, these problems have been fixed in version +4.19.132-1~deb9u1. This update additionally fixes Debian bugs +<a href="https://bugs.debian.org/958300">#958300</a>, <a href="https://bugs.debian.org/960493">#960493</a>, <a href="https://bugs.debian.org/962254">#962254</a>, <a href="https://bugs.debian.org/963493">#963493</a>, <a href="https://bugs.debian.org/964153">#964153</a>, <a href="https://bugs.debian.org/964480">#964480</a>, and <a href="https://bugs.debian.org/965365">#965365</a>; and +includes many more bug fixes from stable updates 4.19.119-4.19.132 +inclusive.</p> + +<p>We recommend that you upgrade your linux-4.19 packages.</p> + +<p>For the detailed security status of linux-4.19 please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/linux-4.19">https://security-tracker.debian.org/tracker/linux-4.19</a></p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2020/dla-2323.data" +# $Id: $ diff --git a/english/lts/security/2020/dla-2324.data b/english/lts/security/2020/dla-2324.data new file mode 100644 index 00000000000..34f84cc3be2 --- /dev/null +++ b/english/lts/security/2020/dla-2324.data @@ -0,0 +1,9 @@ +<define-tag pagetitle>DLA-2324-1 linux-latest-4.19</define-tag> +<define-tag report_date>2020-08-12</define-tag> +<define-tag packages>linux-latest-4.19</define-tag> +<define-tag isvulnerable>no</define-tag> +<define-tag fixed>no</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2020/dla-2324.wml b/english/lts/security/2020/dla-2324.wml new file mode 100644 index 00000000000..466089d339e --- /dev/null +++ b/english/lts/security/2020/dla-2324.wml @@ -0,0 +1,40 @@ +<define-tag description>LTS new package</define-tag> +<define-tag moreinfo> +<p>Linux 4.19 has been packaged for Debian 9 as linux-4.19. This +provides a supported upgrade path for systems that currently use +kernel packages from the "stretch-backports" suite.</p> + +<p>However, "apt full-upgrade" will *not* automatically install the +updated kernel packages. You should explicitly install one of the +following metapackages first, as appropriate for your system:</p> + +<ul> + <li>linux-image-4.19-686</li> + <li>linux-image-4.19-686-pae</li> + <li>linux-image-4.19-amd64</li> + <li>linux-image-4.19-arm64</li> + <li>linux-image-4.19-armmp</li> + <li>linux-image-4.19-armmp-lpae</li> + <li>linux-image-4.19-cloud-amd64</li> + <li>linux-image-4.19-marvell</li> + <li>linux-image-4.19-rpi</li> + <li>linux-image-4.19-rt-686-pae</li> + <li>linux-image-4.19-rt-amd64</li> + <li>linux-image-4.19-rt-arm64</li> + <li>linux-image-4.19-rt-armmp</li> +</ul> + +<p>For example, if the command "uname -r" currently shows +"4.19.0-0.bpo.9-amd64", you should install linux-image-4.19-amd64.</p> + +<p>There is no need to upgrade systems using Linux 4.9, as that kernel +version will also continue to be supported in the LTS period.</p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2020/dla-2324.data" +# $Id: $ |