Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5324-1] linux security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5324-1] linux security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5324-1] linux security update
  • Date: Mon, 23 Jan 2023 20:11:44 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1pK3AO-006ihI-7r AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=39Pq4j1LwvcLolZNps6+Qgs1w/hDNszikJDUDe9JLTI=; b=RS Ms1p2y59Pc36gbtCDpD6PdpCXDuZZZNcMbEhYTurcNOde/NW1bqexQk6qGbZnDj8IRjTL1eWSzPWw a9eF57uWuLJuZZxbJ+O3bPmQKbzPrfFMBPz6Z4x10drKPEmp98kmj+pVtEI7K2PQGLRYJNLWiUClB pTIR9egWytSSfCmBR0EyHzPBS1YDA7u2mE3WloayT2uvMX6hLLbBGD5siHMZfKLCG3RCIrnq2boPg v6HCVsGpcZGQYQAhUDl2YmR98Z9G3l2yriF2UXymwvPGhAz+rKUjD5WyeDtN/6thCMxCLHuUwr9+C skXMGLtoEjK9BPUfAAhHIIUOLxeoxteQ==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 23 Jan 2023 20:12:09 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <nrCoxOdTAQG.A.NnF.ZouzjB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5324-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 23, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696
CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929
CVE-2023-0179 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454
CVE-2023-23455

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-2873

Zheyu Ma discovered that an out-of-bounds memory access flaw in the
Intel iSMT SMBus 2.0 host controller driver may result in denial of
service (system crash).

CVE-2022-3545

It was discovered that the Netronome Flow Processor (NFP) driver
contained a use-after-free flaw in area_cache_get(), which may
result in denial of service or the execution of arbitrary code.

CVE-2022-3623

A race condition when looking up a CONT-PTE/PMD size hugetlb page
may result in denial of service or an information leak.

CVE-2022-4696

A use-after-free vulnerability was discovered in the io_uring
subsystem.

CVE-2022-36280

An out-of-bounds memory write vulnerability was discovered in the
vmwgfx driver, which may allow a local unprivileged user to cause a
denial of service (system crash).

CVE-2022-41218

Hyunwoo Kim reported a use-after-free flaw in the Media DVB core
subsystem caused by refcount races, which may allow a local user to
cause a denial of service or escalate privileges.

CVE-2022-45934

An integer overflow in l2cap_config_req() in the Bluetooth subsystem
was discovered, which may allow a physically proximate attacker to
cause a denial of service (system crash).

CVE-2022-47929

Frederick Lawler reported a NULL pointer dereference in the traffic
control subsystem allowing an unprivileged user to cause a denial of
service by setting up a specially crafted traffic control
configuration.

CVE-2023-0179

Davide Ornaghi discovered incorrect arithmetics when fetching VLAN
header bits in the netfilter subsystem, allowing a local user to
leak stack and heap addresses or potentially local privilege
escalation to root.

CVE-2023-0266

A use-after-free flaw in the sound subsystem due to missing locking
may result in denial of service or privilege escalation.

CVE-2023-0394

Kyle Zeng discovered a NULL pointer dereference flaw in
rawv6_push_pending_frames() in the network subsystem allowing a
local user to cause a denial of service (system crash).

CVE-2023-23454

Kyle Zeng reported that the Class Based Queueing (CBQ) network
scheduler was prone to denial of service due to interpreting
classification results before checking the classification
return code.

CVE-2023-23455

Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
scheduler was prone to a denial of service due to interpreting
classification results before checking the classification
return code.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.162-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPO6CtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Ra0w//fLN39l/vLOzDs++lrDvYDVGpTFS/D3CfMq6ucxI36BEoxPXk5aKyH/la
red6SnuLf7lI+4CcH3vvLpo1vHreqOXRXoE/u1JdWij9vvLHyHjJKLgCkn43UlLN
ukdEnmls3DCJr42apdHhV7nyjLXfBzocgOfq8+oOUHS2/K2SPYc1dqtn96Dsmogu
nH/Mcorr9kHX1wjWtCPQCCSsjo3+xxRzc1WDpbdqolox979s7hFSIqZ65T74w/mV
KksIg/4CJHNlwo/piiwH6/Gi419v6Tj4HPUPcJpFEJou6adnnXqrBX+aNE9WvHEe
Y/Fmj2DSxBvCJ+MKzCVWNf94lfjxcb4mE8VlUxUTa6BR0BGC7/iKDz0HglYPnbue
zdNMEUcsgw3pxLB9sorFmcPbKOgzquwp2WLGCPxw04UMDmK5bBTZ/zKVa1b639C9
BGeOmDCfg9+b33Er9pKvvuky/C3divGbZ3TnWKcztVPR33Y2e2E1WtvvbLtayFsO
0ezn8r7vNCu+3hBTT09wXJQzil7o1zyfb9MwtzgSuxksLoFbm/B21rw1KEzTgyCC
FiQDJF2OQNmzKJokNgsmpIknx75/x1WG1UQbMeO15tZW8zSjItrDtiydw8Uyrs+8
BU0Ta3tiqtyOrlc22k+K2yDWrg16pRw9ik3iNokYgM7z/RcHwv4=
=7Ixp
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5324-1] linux security update, Salvatore Bonaccorso, 23.01.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang