Debian Linux Security Advisory 4313-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
797c41de95f8733f3df28d404c9d017668eebeaf3d6c62c025040cbb65ffd1ee-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4313-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2018-15471 CVE-2018-18021
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2018-15471 (XSA-270)
Felix Wilhelm of Google Project Zero discovered a flaw in the hash
handling of the xen-netback Linux kernel module. A malicious or
buggy frontend may cause the (usually privileged) backend to make
out of bounds memory accesses, potentially resulting in privilege
escalation, denial of service, or information leaks.
https://xenbits.xen.org/xsa/advisory-270.html
CVE-2018-18021
It was discovered that the KVM subsystem on the arm64 platform does
not properly handle the KVM_SET_ON_REG ioctl. An attacker who can
create KVM based virtual machines can take advantage of this flaw
for denial of service (hypervisor panic) or privilege escalation
(arbitrarily redirect the hypervisor flow of control with full
register control).
For the stable distribution (stretch), these problems have been fixed in
version 4.9.110-3+deb9u6.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlu7uMNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RtEg/8DXFvVd/xcV3Wz5bm2v+UUbzQwz5rsbzGZDNagWw/17c/S7HpDe3gvgSN
tw9JzMt+6ZIHTBN7owc6wNjh6e8t38rCTBaQCJwAe3plNTKI0VtamHkzozgS80mm
VSv92jLSYHx19wi9ThXkxVCKzVdTSeJv+fBi7OVJoErcKj4iSmDVHZjOsTmuCkmw
1j2Lvy8DUBdkXpS2FbG03DnszkHU62Z4gF3WCcga/TG/bOApI8dCwrb3+CDrBw/N
+IP2SGTb3MB/OK4iLJcKf5mv0Pg1bxflWRw12kRtEDk5auoYtyp9Ce9w5UqyPYtj
+zxmvytKSQWHMz3Tx5TM3rQz8LfWCFLjfiNm18NzXSg8bnznXtnL+1CypdVclJx8
gol89yjhBoMX26S426hVvMeQPntd1pg5eOtos8DwEe5SHg9gfpyMDDvuvNCcoXV2
37rYW0BeuBUfkOZnUnXR4B2T11ejuzGc33sA6WlRprele10kpR0JeT3RPxBYRoAe
O1uew8o+IPTvUsUrNorBMeaWrwzqCDmpkWJDoumyNvLKtXm9F2KVbT5cLoD1kRW+
VQ/oy7oItKRQttSbagAsipCVO9er/B4vjSAahuUnXS+OtctwJX3VFbVFyK2LYk9D
OHvDu8iDZsWc6/TDoAXlAEtzwRpwOjypvD8NaB88EQbBWaGVX6U=
=RKUP
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed