Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4941-1] linux security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4941-1] linux security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4941-1] linux security update
  • Date: Tue, 20 Jul 2021 12:53:32 +0000
  • Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1m5pFc-00076h-2M AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=5UEa3v1hoAHpUKIWjsxOjS1oiLrYWLhrRcwyed2k8RM=; b=lI FyVKBEC3I09FN2Vy2wwI7rR7MAxxkT8XrmtjT9P9n/jiRqfFarIf5rJDJZAc88oUDxZJx0AFyKTQR EnmiSxkYlTEFX01AEFyNkYPnPxOkhrpO1KheAmbH39gp9nyFOIIUqbvF8naJr+I6n84QSEy6JJgfQ 3Yq4w4vsbvJb6wIiOT76kyepX8wArw+XexTaU6oVjVHn06w9jUeadttO6YcvZTS2ba7Zq8DXTLcXm dsbZqZBz6uN5M6Gapkc4tRnl9Y6Wrcyx8Q8uQgAM4hZaqVrYeqP0wyUoNQ78yjbKr5ITImlmtn6m/ ROmlTIPLNlu9Sz90ydMZeaTGWBhdU+Gw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 20 Jul 2021 12:53:52 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <WHSBSBVSpQO.A.AAE.fds9gB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4941-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2020-36311

A flaw was discovered in the KVM subsystem for AMD CPUs, allowing an
attacker to cause a denial of service by triggering destruction of a
large SEV VM.

CVE-2021-3609

Norbert Slusarek reported a race condition vulnerability in the CAN
BCM networking protocol, allowing a local attacker to escalate
privileges.

CVE-2021-33909

The Qualys Research Labs discovered a size_t-to-int conversion
vulnerability in the Linux kernel's filesystem layer. An
unprivileged local attacker able to create, mount, and then delete a
deep directory structure whose total path length exceeds 1GB, can
take advantage of this flaw for privilege escalation.

Details can be found in the Qualys advisory at

https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

CVE-2021-34693

Norbert Slusarek discovered an information leak in the CAN BCM
networking protocol. A local attacker can take advantage of this
flaw to obtain sensitive information from kernel stack memory.

For the stable distribution (buster), these problems have been fixed in
version 4.19.194-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD2xvFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Tp/g//af2JkknfeqLs9FHFlqiYvIl1co4zEOW6e4BO8WAtvB3q5+scTNiFgN/W
66o9sDTi+Bnuhxja/lsZEkwM5QnrcPCSndUuY8EIOBDRdAla9R3xf4vUSYQ4KVb8
re3NmfzlkiLiGd6JRZXeV8+8stUjbLc6e0EG36S2HJ6hDs7pOA+vxcR/ui8yf15e
p9egIKOqznhsNFHgrZRm4R1yqgNzfkFBWeSgfuFZGsFi9b2I3FJQKDTx0TXwxerB
PKtvstJ1/xKbtK8m5IdntLOPeUPXuUlhoff4cN192IRNrPCcUXf7vRJoGg6A7WP2
dfvErldL8AsJHMBEs6YqEQSajFMoJX2590Bt8VK1xZwvhirSB7ZClk4+boh8OhlG
apKj/OPIi3KGPt2s8t23zq3cU6aAFyTp6VQacuS+kR/2bdF0H3iQKcB5I4HFSSx9
BxK0ZpcZSw4axt35lfVhqnoeARb2GtUBqO77CWOOdtXcxDACD3VQ8PiqxxfpGS26
V/ASWmWzCeoGs+FQ5iRoN2JC5i9VcJX32r0fbNVvj7BG+ZQBe5XZ30eOalQLPs4/
SQnBoWuMnIpl/5+6FxkPXiqzkDGnkUm2ep2gXhdFrJmn/3ugpMiAPEuETo7Q2Lfj
Ze6DKkHJPBK2BaKs1UgWPNvQBVQrcs0rKMLEf6LxS0eAJHlcCdo=
=dhUe
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4941-1] linux security update, Salvatore Bonaccorso, 20.07.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang