Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1705 linux security update 15 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: linux kernel Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 Reference: ASB-2019.0138 Original Bulletin: http://www.debian.org/security/2019/dsa-4444 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 928125 Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. To fully resolve these vulnerabilities it is also necessary to install updated CPU microcode. An updated intel-microcode package (only available in Debian non-free) will be provided via a separate DSA. The updated CPU microcode may also be available as part of a system firmware ("BIOS") update. In addition, this update includes a fix for a regression causing deadlocks inside the loopback driver, which was introduced by the update to 4.9.168 in the last Stretch point release. For the stable distribution (stretch), these problems have been fixed in version 4.9.168-1+deb9u2. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlzbK/hfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RDbhAAkCG4A3Yx+lAGMIgm9lXWeacyTFQ7RhS0NzQ+7rewiQZti4JphoEnuub1 sq9GH041twKbQQKJiuRD7AvKIzt8hfziQVBvIs+Nojp3fOHU9TIDqqENmfBYflkQ qvP/tP5vqXREMihV6zGAzK47lfIvEztAQYiZymD4zMzWF0QrY/9/uEQFgwgD5AaP xvreR+M2tsWQR3MZOAfWlTbX9nSbyV2K7nULs5y+g0ko8sbJDxNhfKO/6yauSiHK pq6I3Fg56PsNtse/r/II9jlGE9DYvC+cI9vRNEBZep9A0dmRqN8j3sk0jmNVfi/F Tm3jWFgtRtaa6ANMeBHIBQzkGjML6GbE68Iyf0+EGZ7ZrXSeAIi4InYFCNJA7w5/ K0Nu2nCMAaxVwYPAO7mvNxAnKgOPLE+e7fYNlqztpHOO/nXNmOG7zknqstlkS+Vc LfsjAiqtAGw6PubdXMSc5BVrdQQTmT3tvqg4BW2i3bWeaW43MyQRc1cizplVrNLt KKgC1qNLGIvSZLejDF5KXX8VT50UEa05QshRHWu9Ckkvid2hedzipZkTsN5tsRoc XuCtYsbZqawHmExfyryqtkhTc4pti2nvHPzcMpJtmXtdkkvxh3ZYXbTR0vsSwJHt rLY3ms+Sw/DT0kdXgEb1gz4prezXcINgPhGDiP/hbRaQnsP2x7U= =ukU9 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXNtU5WaOgq3Tt24GAQizyg//RaN8rVL5pGIylwMv2E+y4MNb2mBiqdQu SRMymNgD8Rw1pKJEyrWEw2dOWCReJjf5Ed8LJ+GM2MNxXFHx00RWo0ySkvNCnTpt qW49XCjJg9wQizVsoJp7tb4A6n2eD1osXKqpwbTDj9TIAeW7FF9ixnZvEPBG2aYu he02fLcuDhdAGYRORwa3H2G88qL/U+mLVi+IfGHamoPG7PX9WUZM6M8RkTH2dDt9 pxhfZuYA7qJ0ROAh74nmfOGOdJfKVqDQFO0m6WWo1uCKPb4SjXJb5589oMsul3If pY/5TfpNDOjBvHbZePr6xKp0tqNEMxFtrH1/Y8e0adIF3RcEABTLcR68TNrA8tHO Wl8YXojEgJVi80DBsrcb4fCcKoyfqtvhFXlTwVjw0CXGVPqiWoexJ42kK/ZDn73C gYHW7vkBLHtGPOVMFMlEujdKYdTIWSStOSMZrOWOjvA4Vuew7idWL5wAt9xuAf8g xUpeqc6tFPpvVi4WilMLIaM51pWQlRHB8UiunElAuFGUFzACWwcg10jXoxZ/Qg26 wjXMUzusBAItPPzBdz+iJSh9LsEYRuhL72my6I4oUfA2DWq7lHTQGn4tHdZoD3XA 2+i0Pzqm1ZWkQOb3amVgwPJNPXvb/bDGkhp/XopNtY2wqx7GG2umCz3jw/N/P1W3 K6cxrP8+HnA= =0yqf -----END PGP SIGNATURE-----