ESB-2018.1260 - [Debian] linux-tools: Access privileged data - Existing account 2018-04-26

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1260
                        linux-tools security update
                               26 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux-tools
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-5715  

Reference:         ASB-2018.0009
                   ASB-2018.0002.4
                   ESB-2018.0044
                   ESB-2018.0042.2

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4179

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4179-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
April 24, 2018                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux-tools

This update doesn't fix a vulnerability in linux-tools, but provides
support for building Linux kernel modules with the "retpoline"
mitigation for CVE-2017-5715 (Spectre variant 2).

This update also includes bug fixes from the upstream Linux 3.16 stable
branch up to and including 3.16.56.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.16.56-1.

We recommend that you upgrade your linux-tools packages.

For the detailed security status of linux-tools please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/linux-tools

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrfLWxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TCNBAAkmZlNuXx/bOIDLWZoKJvSUL6a8FylzBpdyFYILGcF8bU9CUjQM1M8QD1
bzl+kiWt6UJ5swpujfqfjkYTen4/42FYbMSrrAKy1wygCISyH5MrsKlymmOWNPK3
NVXzxKg4XAYoof16BvYvTavjOhsxHDqtTh0ehwLmqCpzTKvJ05miA8upxxQ1klmU
LpsB3QoRaBnPm0qST4FUgEroZxvByTe3RqbHoYoRFXjV3ffmAnVyZKQF3p0PfpGZ
zgt0MepINIk3mzpNBqpEFAGbB09mnEC/D8Jko/G0NTZgJzAUdEsauqOs7Q7sPlxb
zuG1gS2oxKI+4uXw5mdUPPfWcQHkNTu6W3QaBVyw9D5S7MPUaSppNMgs53e0lCzP
KGAwvV4f+tWvsSVSVKb6qXXdILLFo5FfmQRtwvB3d8dJpq8Zc3yDiL2RqPM9sSMz
eZw/g2aN1OhVfPSglu53aVRfUok8rCxA3KujNG8vvzE8KoWp8aFauNH/XTlXe6ph
o/8/urw2mPuPhGAiwOhgA3uUtsMaXpbvIjhkzO2bmJm19ewj7LW2S7/ufhBjNzvq
Cte8X6V3+X20GIp4e4QIsdDlGeHYFBm+HOhPCDyWdZ/82AaWHsWKHP6QyKN6+c54
lX9EJ/g4wFt0Y8ueOgFf5d/Y1Ck9BcZp+Pc2TjEmtq5aOHHchYE=
=4qrq
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWuEZ2Yx+lLeg9Ub1AQjy+A//TzYDBq4sUAu/oY+Sx1qh1TRPm9n4b+Mz
tnku1ZzSL5vZuWnVIc96TOIZ+6D+xbFihELQnip5TviYyp0j2jPiupVDdvZbBYER
6W5fAq7Lg0PdBHXKjaF4OD1JG/Zijf5dac5+AhktFWaTq6K3SQTCZxDcy0YJLxDo
2IPnuqQiHe77fGYNVbrKEz1Xy9P0AZsljsUTQZs2c6g5NjpDUbiLEgntSju4ocuo
fO7Yv5Ew6S6nTfG+Pd6Px4IKiToN1B7ushAzJgEUZDJh4guOJuQVOdcSEGER0Lg6
kzwfmBUIRNFsr0JDqsk33Mb6OA6hNz2uXOBFemLmKjukDp3TT5c+nsf5hv3sqM4c
dhEYdcYzC4L31qqDl19QRbPmV2rxAD3TbSvUJTYvjs6XbEM2h9CbhR2uGI+D3dWj
BkTH6C5WjUP1/6QyTxu0exeUwbpCtO8sWzNCKs0cGtaKLqDHWU7QuWv+oKUuHGKK
M7jJQjFjlY4Nqfw2sjHwgQ9ZWTzyBFU5g3NfHA65cAzgCWvB18uT066vUFMLT0WK
3mCp7/55U2jUXvESTbx4OsjpBkFt3OAP+7Pvq7ZVLFKkgTd8rI6yAo05OFb/35kd
DC2GbBYiJguSw2rE4NAzUUDWIU+m68U/PUrYgQUUDqqAR/ai2EYPH53h66i7CSV8
NBHFLwyUD5g=
=mSvm
-----END PGP SIGNATURE-----

« Back to bulletins