Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5402-1] linux security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5402-1] linux security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5402-1] linux security update
  • Date: Sat, 13 May 2023 11:20:28 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1pxnIa-007gln-Ma AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=5WWwQCvrd7+COKOHEWOzpzod42N9NV3+850FXL8T1fw=; b=f6 HGRTaumu1LoJDA2+0yDggOl5TOkRuMUAaI/Zq5Cd3f7XqHf1kRXu9a6MP7WkD6frtiTxXneJIFt8W NitS3ZSTa5SJ7x9lg8bCpq+RiJl1YEYTfHQhl9P236aTTFOu1N69wfQwLHX1RxGOhD6KlyMfAmlOP V3s5foeq6MYQovYZIb+bf4Grs5BYqQL/D3hK1IVZxxDe2Hk2WUP6WoR1zY4kX9aQ5k8piZQaqybJH 5w/XlCgDmGpUOMuMUykuujGytmY8LSJdwrjGKPmOlw0CxLWwafNx419rBWtkQVgEAvgMt1YNswRAD XT5sTvKW5IIEol8Y20CsUOy04Yaq3OeQ==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 13 May 2023 11:20:52 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <vGyF9ldZUWD.A.PME.UK3XkB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5402-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 13, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2023-0386 CVE-2023-31436 CVE-2023-32233

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-0386

It was discovered that under certain conditions the overlayfs
filesystem implementation did not properly handle copy up
operations. A local user permitted to mount overlay mounts in user
namespaces can take advantage of this flaw for local privilege
escalation.

CVE-2023-31436

Gwangun Jung reported a a flaw causing heap out-of-bounds read/write
errors in the traffic control subsystem for the Quick Fair Queueing
scheduler (QFQ) which may result in information leak, denial of
service or privilege escalation.

CVE-2023-32233

Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in
the Netfilter nf_tables implementation when processing batch
requests, which may result in local privilege escalation for a user
with the CAP_NET_ADMIN capability in any user or network namespace.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.179-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRfblBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S/ehAAimoZ2PphbMF53apge94ZKEnKKG2k43nEIDBumQsa8tFCmVxHKrxTV+qo
2OnkmuXO2W7kexlHNtnHfKie7pYI+0vLrxNQqyBBDHfUAvUC7cvVgZUG+O+K9v+r
TY60UJBkVwW3bY99MUMtwSsy0pN7dHqc/YQTWacPYSVuZ/GRn5/PLhDu9p6vdROD
BxYtcGF93I0EfGgjCqPZ16rivCwtIck4/GaQCBgypDa2N0h92Y/uTEebaA3LEC72
DuiJc1kPHpecGe11Xay1+KVt0q3CjwAxbjj740t/ySn+OzGqbSRpLk5IIsLuZL8F
hh+tsB3PDTpO9yOVNokO7h0wlja03uVFyddwPf8jkv0fsFo26OTkl1aISA6/gmT2
hymNBwPs5OAxX2f7Fe9jwHllBlLCb+xwiejBcrdNUMOsG2Krd7B5ABlj4shQPylQ
9NxPHgk9GrCjBFcRaCPoQBaIw5AT7R3Rv7xkyH/XzlXCvuckiJlZMwIw7AVDnRtv
orZ42xSxaZu1AyIVv48f2JinLrLTBIjj7BQrzq5M+9SXL3bGbv9ChzwoxSK7STc4
UJ13fZxmQbC50c0xmT1VbiYDIeE85cCOkuF+Heyqw3vJioFFl9tHEt8GT1FrHoUl
9IcX1l0CB62Sh7s8jdFnvSVur5ZfZbXyUIxWeNIHrF9PinQsVJY=
=sqnY
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5402-1] linux security update, Salvatore Bonaccorso, 13.05.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang