diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2020-08-12 18:32:51 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-08-12 18:32:51 +0100 |
commit | 9db458c1dae9942c673cc29fb111342b63a605b3 (patch) | |
tree | 3ab045ab6fdd7c530d78236c16c23b0a5cd8eaf9 /english/lts/security/2020/dla-2323.wml | |
parent | 282d85002083f627def2520a6ec3d5b5de3de543 (diff) |
Add DLAs for firmware and kernel backports
These cover the backported packages firmware-nonfree, linux-4.9, and
linux-latest-4.19.
Diffstat (limited to 'english/lts/security/2020/dla-2323.wml')
-rw-r--r-- | english/lts/security/2020/dla-2323.wml | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/english/lts/security/2020/dla-2323.wml b/english/lts/security/2020/dla-2323.wml new file mode 100644 index 00000000000..56346fd4c70 --- /dev/null +++ b/english/lts/security/2020/dla-2323.wml @@ -0,0 +1,112 @@ +<define-tag description>LTS new package</define-tag> +<define-tag moreinfo> +<p>Linux 4.19 has been packaged for Debian 9 as linux-4.19. This +provides a supported upgrade path for systems that currently use +kernel packages from the "stretch-backports" suite.</p> + +<p>There is no need to upgrade systems using Linux 4.9, as that kernel +version will also continue to be supported in the LTS period.</p> + +<p>This backport does not include the following binary packages:</p> + +<blockquote>hyperv-daemons libbpf-dev libbpf4.19 libcpupower-dev libcpupower1 +liblockdep-dev liblockdep4.19 linux-compiler-gcc-6-arm +linux-compiler-gcc-6-x86 linux-cpupower linux-libc-dev lockdep +usbip</blockquote> + +<p>Older versions of most of those are built from the linux source +package in Debian 9.</p> + +<p>The kernel images and modules will not be signed for use on systems +with Secure Boot enabled, as there is no support for this in Debian 9.</p> + +<p>Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or information leak.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-18814">CVE-2019-18814</a> + + <p>Navid Emamdoost reported a potential use-after-free in the + AppArmor security module, in the case that audit rule + initialisation fails. The security impact of this is unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-18885">CVE-2019-18885</a> + + <p>The <q>bobfuzzer</q> team discovered that crafted Btrfs volumes could + trigger a crash (oops). An attacker able to mount such a volume + could use this to cause a denial of service.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-20810">CVE-2019-20810</a> + + <p>A potential memory leak was discovered in the go7007 media driver. + The security impact of this is unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10766">CVE-2020-10766</a> + + <p>Anthony Steinhauser reported a flaw in the mitigation for + Speculative Store Bypass (<a href="https://security-tracker.debian.org/tracker/CVE-2018-3639">CVE-2018-3639</a>) on x86 CPUs. A local + user could use this to temporarily disable SSB mitigation in other + users' tasks. If those other tasks run sandboxed code, this would + allow that code to read sensitive information in the same process + but outside the sandbox.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10767">CVE-2020-10767</a> + + <p>Anthony Steinhauser reported a flaw in the mitigation for Spectre + variant 2 (<a href="https://security-tracker.debian.org/tracker/CVE-2017-5715">CVE-2017-5715</a>) on x86 CPUs. Depending on which other + mitigations the CPU supports, the kernel might not use IBPB to + mitigate Spectre variant 2 in user-space. A local user could use + this to read sensitive information from other users' processes.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-10768">CVE-2020-10768</a> + + <p>Anthony Steinhauser reported a flaw in the mitigation for Spectre + variant 2 (<a href="https://security-tracker.debian.org/tracker/CVE-2017-5715">CVE-2017-5715</a>) on x86 CPUs. After a task force disabled indirect branch speculation through prctl(), it could + still re-enable it later, so it was not possible to override a + program that explicitly enabled it.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-12655">CVE-2020-12655</a> + + <p>Zheng Bin reported that crafted XFS volumes could trigger a system + hang. An attacker able to mount such a volume could use this to + cause a denial of service.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-12771">CVE-2020-12771</a> + + <p>Zhiqiang Liu reported a bug in the bcache block driver that could + lead to a system hang. The security impact of this is unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-13974">CVE-2020-13974</a> + + <p>Kyungtae Kim reported a potential integer overflow in the vt + (virtual terminal) driver. The security impact of this is + unclear.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-15393">CVE-2020-15393</a> + + <p>Kyungtae Kim reported a memory leak in the usbtest driver. The + security impact of this is unclear.</p></li> + +</ul> + +<p>For Debian 9 <q>Stretch</q>, these problems have been fixed in version +4.19.132-1~deb9u1. This update additionally fixes Debian bugs +<a href="https://bugs.debian.org/958300">#958300</a>, <a href="https://bugs.debian.org/960493">#960493</a>, <a href="https://bugs.debian.org/962254">#962254</a>, <a href="https://bugs.debian.org/963493">#963493</a>, <a href="https://bugs.debian.org/964153">#964153</a>, <a href="https://bugs.debian.org/964480">#964480</a>, and <a href="https://bugs.debian.org/965365">#965365</a>; and +includes many more bug fixes from stable updates 4.19.119-4.19.132 +inclusive.</p> + +<p>We recommend that you upgrade your linux-4.19 packages.</p> + +<p>For the detailed security status of linux-4.19 please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/linux-4.19">https://security-tracker.debian.org/tracker/linux-4.19</a></p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2020/dla-2323.data" +# $Id: $ |