===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.2306                               
                           linux security update                           
                               15 April 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux                                                   
Publisher:         Debian                                                  
Operating System:  Debian GNU/Linux                                        
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2023-6270 CVE-2024-1151 CVE-2024-23850              
                   CVE-2024-23851 CVE-2024-26585 CVE-2024-26586            
                   CVE-2024-26593 CVE-2024-26603 CVE-2024-26622            
                   CVE-2023-7042 CVE-2023-52616 CVE-2023-52617             
                   CVE-2023-52618 CVE-2023-52619 CVE-2023-52620            
                   CVE-2023-52621 CVE-2023-52622 CVE-2023-52623            
                   CVE-2023-52630 CVE-2023-52631 CVE-2023-52632            
                   CVE-2023-52633 CVE-2023-52635 CVE-2023-52637            
                   CVE-2023-52638 CVE-2023-52639 CVE-2023-52640            
                   CVE-2023-52641 CVE-2024-0841 CVE-2024-22099             
                   CVE-2024-24857 CVE-2024-24858 CVE-2024-26582            
                   CVE-2024-26583 CVE-2024-26584 CVE-2024-26590            
                   CVE-2024-26606 CVE-2024-26621 CVE-2024-26626            
                   CVE-2024-26629 CVE-2024-26639 CVE-2024-26640            
                   CVE-2024-26641 CVE-2024-26642 CVE-2024-26643            
                   CVE-2024-26651 CVE-2024-26654 CVE-2024-26659            
                   CVE-2023-52604 CVE-2024-26660 CVE-2024-26627            
                   CVE-2024-26601 CVE-2024-26663 CVE-2023-52607            
                   CVE-2024-26664 CVE-2023-52602 CVE-2024-26665            
                   CVE-2023-52599 CVE-2023-52603 CVE-2024-26667            
                   CVE-2024-26581 CVE-2023-52600 CVE-2024-26671            
                   CVE-2023-52584 CVE-2024-26625 CVE-2023-52606            
                   CVE-2024-26679 CVE-2024-26680 CVE-2023-52597            
                   CVE-2024-26698 CVE-2024-26700 CVE-2023-52595            
                   CVE-2024-26687 CVE-2024-26706 CVE-2024-26689            
                   CVE-2024-26695 CVE-2024-26696 CVE-2024-26697            
                   CVE-2023-52601 CVE-2023-52593 CVE-2024-26702            
                   CVE-2024-26704 CVE-2023-52587 CVE-2024-26707            
                   CVE-2024-26726 CVE-2024-26712 CVE-2024-26714            
                   CVE-2024-26715 CVE-2024-26717 CVE-2023-52598            
                   CVE-2024-26720 CVE-2024-26722 CVE-2024-26723            
                   CVE-2023-52583 CVE-2023-52589 CVE-2024-26731            
                   CVE-2024-26733 CVE-2023-52594 CVE-2023-52588            
                   CVE-2024-26737 CVE-2024-26600 CVE-2024-26741            
                   CVE-2024-26602 CVE-2024-26742 CVE-2024-26743            
                   CVE-2024-26747 CVE-2024-26748 CVE-2024-26744            
                   CVE-2024-26750 CVE-2024-26751 CVE-2024-26752            
                   CVE-2024-26753 CVE-2024-26745 CVE-2024-26735            
                   CVE-2023-28746 CVE-2024-26761 CVE-2024-26763            
                   CVE-2024-26764 CVE-2024-26765 CVE-2024-26766            
                   CVE-2024-26769 CVE-2024-26771 CVE-2024-26772            
                   CVE-2024-26773 CVE-2024-26774 CVE-2024-26775            
                   CVE-2024-26776 CVE-2024-26749 CVE-2024-26778            
                   CVE-2024-26779 CVE-2024-26780 CVE-2024-26781            
                   CVE-2024-26782 CVE-2024-26787 CVE-2024-26788            
                   CVE-2024-26789 CVE-2024-26790 CVE-2024-26791            
                   CVE-2023-47233 CVE-2024-26736 CVE-2024-26795            
                   CVE-2024-26798 CVE-2024-26800 CVE-2024-26801            
                   CVE-2024-26802 CVE-2024-26803 CVE-2024-26804            
                   CVE-2024-26805 CVE-2024-26809 CVE-2024-26810            
                   CVE-2024-26811 CVE-2024-26812 CVE-2024-26754            
                   CVE-2024-26814 CVE-2024-26815 CVE-2024-26816            
                   CVE-2024-27437 CVE-2024-26759 CVE-2024-0340             
                   CVE-2024-26760 CVE-2024-26777 CVE-2023-52434            
                   CVE-2023-52435 CVE-2024-2201 CVE-2023-2176              
                   CVE-2024-26792 CVE-2024-26793 CVE-2024-26710            
                   CVE-2024-26727 CVE-2024-26813 CVE-2024-26673            
                   CVE-2024-26718 CVE-2024-26675 CVE-2024-26676            
                   CVE-2024-26681 CVE-2024-26684 CVE-2024-26685            
                   CVE-2024-26686 CVE-2024-26688 CVE-2023-52429            

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2024/msg00066.html

Comment: CVSS (Max):  8.0 CVE-2023-52434 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: OpenAnolis, Red Hat, [NIST], Intel Corporation       
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


- --------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5658-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 13, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2023-2176 CVE-2023-6270 CVE-2023-7042 CVE-2023-28746
                 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435
                 CVE-2023-52583 CVE-2023-52584 CVE-2023-52587 CVE-2023-52588
                 CVE-2023-52589 CVE-2023-52593 CVE-2023-52594 CVE-2023-52595
                 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600
                 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604
                 CVE-2023-52606 CVE-2023-52607 CVE-2023-52616 CVE-2023-52617
                 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52621
                 CVE-2023-52622 CVE-2023-52623 CVE-2023-52630 CVE-2023-52631
                 CVE-2023-52632 CVE-2023-52633 CVE-2023-52635 CVE-2023-52637
                 CVE-2023-52638 CVE-2023-52639 CVE-2023-52640 CVE-2023-52641
                 CVE-2024-0340 CVE-2024-0841 CVE-2024-1151 CVE-2024-2201
                 CVE-2024-22099 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857
                 CVE-2024-24858 CVE-2024-26581 CVE-2024-26582 CVE-2024-26583
                 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26590
                 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602
                 CVE-2024-26603 CVE-2024-26606 CVE-2024-26621 CVE-2024-26622
                 CVE-2024-26625 CVE-2024-26626 CVE-2024-26627 CVE-2024-26629
                 CVE-2024-26639 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642
                 CVE-2024-26643 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659
                 CVE-2024-26660 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665
                 CVE-2024-26667 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675
                 CVE-2024-26676 CVE-2024-26679 CVE-2024-26680 CVE-2024-26681
                 CVE-2024-26684 CVE-2024-26685 CVE-2024-26686 CVE-2024-26687
                 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696
                 CVE-2024-26697 CVE-2024-26698 CVE-2024-26700 CVE-2024-26702
                 CVE-2024-26704 CVE-2024-26706 CVE-2024-26707 CVE-2024-26710
                 CVE-2024-26712 CVE-2024-26714 CVE-2024-26715 CVE-2024-26717
                 CVE-2024-26718 CVE-2024-26720 CVE-2024-26722 CVE-2024-26723
                 CVE-2024-26726 CVE-2024-26727 CVE-2024-26731 CVE-2024-26733
                 CVE-2024-26735 CVE-2024-26736 CVE-2024-26737 CVE-2024-26741
                 CVE-2024-26742 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745
                 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26750
                 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754
                 CVE-2024-26759 CVE-2024-26760 CVE-2024-26761 CVE-2024-26763
                 CVE-2024-26764 CVE-2024-26765 CVE-2024-26766 CVE-2024-26769
                 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26774
                 CVE-2024-26775 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778
                 CVE-2024-26779 CVE-2024-26780 CVE-2024-26781 CVE-2024-26782
                 CVE-2024-26787 CVE-2024-26788 CVE-2024-26789 CVE-2024-26790
                 CVE-2024-26791 CVE-2024-26792 CVE-2024-26793 CVE-2024-26795
                 CVE-2024-26798 CVE-2024-26800 CVE-2024-26801 CVE-2024-26802
                 CVE-2024-26803 CVE-2024-26804 CVE-2024-26805 CVE-2024-26809
                 CVE-2024-26810 CVE-2024-26811 CVE-2024-26812 CVE-2024-26813
                 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-27437

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.85-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT----------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================