it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4843-1] linux security update
- Date: Mon, 01 Feb 2021 14:39:40 +0000
- List-archive: https://lists.debian.org/msgid-search/E1l6aMe-0005Wb-43 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=2Ny0vNCFj6ywF7J7IdPw0CqtcDHaGkITot5yq5MMolU=; b=e+ l5mLi79faIpBg0wARCrcdLqxAGpH+KqLPFDjZSJK5Q0Myfv2b/ZJ+Cg7Pnaol+Oguhm/eIfrNhpsY cvU1rOixzzU83oNOPxtskhNkXiIGGyASjtX2h2hP9Q9ozb9euzg5W9iUdS/API0ulV++BfuQ0fOHu 3hznbZf7Cx/AetaKkoW26kz3+e+dGtAWmHWg+J+Jpky6jIja6X1LG4d3LEM8bmqlBIvZPppklGt4X YtprIW7M553RZUIuUURtm0DTu+giQnvDEcDq/VKVEKJZi0CR07jyRjZmKBuh6SY7LpFYh9Bzrk+Dh ahHsqyBtjZdASkDx2xOmfE2nL87yLeOw==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Mon, 1 Feb 2021 14:39:59 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <jLXWs0HxBO.A.gi._KBGgB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4843-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374
CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661
CVE-2020-36158 CVE-2021-3347 CVE-2021-20177
Debian Bug : 970736 972345 977048 977615
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2020-27815
A flaw was reported in the JFS filesystem code allowing a local
attacker with the ability to set extended attributes to cause a
denial of service.
CVE-2020-27825
Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace
ring buffer resizing logic due to a race condition, which could
result in denial of service or information leak.
CVE-2020-27830
Shisong Qin reported a NULL pointer dereference flaw in the Speakup
screen reader core driver.
CVE-2020-28374
David Disseldorp discovered that the LIO SCSI target implementation
performed insufficient checking in certain XCOPY requests. An
attacker with access to a LUN and knowledge of Unit Serial Number
assignments can take advantage of this flaw to read and write to any
LIO backstore, regardless of the SCSI transport settings.
CVE-2020-29568 (XSA-349)
Michael Kurth and Pawel Wieczorkiewicz reported that frontends can
trigger OOM in backends by updating a watched path.
CVE-2020-29569 (XSA-350)
Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free
flaw which can be triggered by a block frontend in Linux blkback. A
misbehaving guest can trigger a dom0 crash by continuously
connecting / disconnecting a block frontend.
CVE-2020-29660
Jann Horn reported a locking inconsistency issue in the tty
subsystem which may allow a local attacker to mount a
read-after-free attack against TIOCGSID.
CVE-2020-29661
Jann Horn reported a locking issue in the tty subsystem which can
result in a use-after-free. A local attacker can take advantage of
this flaw for memory corruption or privilege escalation.
CVE-2020-36158
A buffer overflow flaw was discovered in the mwifiex WiFi driver
which could result in denial of service or the execution of
arbitrary code via a long SSID value.
CVE-2021-3347
It was discovered that PI futexes have a kernel stack use-after-free
during fault handling. An unprivileged user could use this flaw to
crash the kernel (resulting in denial of service) or for privilege
escalation.
CVE-2021-20177
A flaw was discovered in the Linux implementation of string matching
within a packet. A privileged user (with root or CAP_NET_ADMIN) can
take advantage of this flaw to cause a kernel panic when inserting
iptables rules.
For the stable distribution (buster), these problems have been fixed in
version 4.19.171-2.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAXj9pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Tf5Q//RdQojeX7VtJ61PsVXRszZh9DJ3PUo64NheFU+QWUYO7F6NUD3fMxiS9K
I8Sgfsm28x7RBambjW6TZYseJhQd9aSvaANnPdUj/eZ9P3xBhXFM8wzISosUWgfO
2IIV40oOVj943+BzfIQiq1mgQtwLjh3pNTZAEpjnzD96Tc9tXGyW9/3iGkUHIQjv
gUTSvoLIUAI4XfNNUjnok+6kPDyEEIdiwJaGDG+UPZ6HNL/hrG3A4klQc+X7KK5K
NCOzl4Wl5pZN7u2Ietn3sFMsNJkMrsfLlVyj8J9PgNwbFQh/+RuvzFcONlQ8iaD9
kx42gkLwjl+hM2UeCpvQndzwqXKPKc6CjFemDj7KWzVA+KkVBRTXCGb9K9CasZOZ
0e/cu+5rjYGubIE3e/jo3Gmhp/fm9fXHESbruxuP+gjdbKcyrGrokNucjRvp6FPP
rCX+e7OjsZwWGBIcAw+gDAZkDO7PFEoRtlByF2LmxxNvTufZQZHX8NwVyABCdpZi
VQLLeQNXN1pJ4d1NPWgTlKfEmH0sGVQRHCliTkBZmIjvo+y1JClUDBAlWOS4YYQL
4Z4oe1qtOX9z+NkqDqcbgfWw69Q2PipNN3TR5YcBXvOtVhvL+/WFGiooJDqxkdCD
j3wO/r/1gut/bK/OJnjmOB9J5OXP+cHxYtrhPqXFy2Hzkgj1CRU=
=u23W
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4843-1] linux security update, Salvatore Bonaccorso, 01.02.2021
Archiv bereitgestellt durch MHonArc 2.6.24.