Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.4505 linux security update 21 December 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: linux kernel Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-28974 CVE-2020-27675 CVE-2020-27673 CVE-2020-25705 CVE-2020-25704 CVE-2020-25669 CVE-2020-25668 CVE-2020-25656 CVE-2020-25645 CVE-2020-14351 CVE-2020-8694 CVE-2020-0427 Reference: ASB-2020.0018 ESB-2020.4410 ESB-2020.4391 ESB-2020.4377 ESB-2020.4375 Original Bulletin: https://www.debian.org/lts/security/2020/dla-2494 - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2494-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Ben Hutchings December 18, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : linux Version : 4.9.246-2 CVE ID : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974 Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. CVE-2020-0427 Elena Petrova reported a bug in the pinctrl subsystem that can lead to a use-after-free after a device is renamed. The security impact of this is unclear. CVE-2020-8694 Multiple researchers discovered that the powercap subsystem allowed all users to read CPU energy meters, by default. On systems using Intel CPUs, this provided a side channel that could leak sensitive information between user processes, or from the kernel to user processes. The energy meters are now readable only by root, by default. This issue can be mitigated by running: chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj This needs to be repeated each time the system is booted with an unfixed kernel version. CVE-2020-14351 A race condition was discovered in the performance events subsystem, which could lead to a use-after-free. A local user permitted to access performance events could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. Debian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue. CVE-2020-25645 A flaw was discovered in the interface driver for GENEVE encapsulated traffic when combined with IPsec. If IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, tunneled data isn't correctly routed over the encrypted link and sent unencrypted instead. CVE-2020-25656 Yuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with the CAP_SYS_TTY_CONFIG capability could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2020-25668 Yuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2020-25669 Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd) that could lead to a use-after-free. On a system using this driver, a local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2020-25704 kiyin discovered a potential memory leak in the performance events subsystem. A local user permitted to access performance events could use this to cause a denial of service (memory exhaustion). Debian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue. CVE-2020-25705 Keyu Man reported that strict rate-limiting of ICMP packet transmission provided a side-channel that could help networked attackers to carry out packet spoofing. In particular, this made it practical for off-path networked attackers to "poison" DNS caches with spoofed responses ("SAD DNS" attack). This issue has been mitigated by randomising whether packets are counted against the rate limit. CVE-2020-27673 / XSA-332 Julien Grall from Arm discovered a bug in the Xen event handling code. Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (excessive CPU usage or hang) in dom0. CVE-2020-27675 / XSA-331 Jinoh Kang of Theori discovered a race condition in the Xen event handling code. Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (crash) in dom0. CVE-2020-28974 Yuan Ming discovered a bug in the virtual terminal (vt) driver that could lead to an out-of-bounds read. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could possibly use this to obtain sensitive information from the kernel or to cause a denial of service (crash). The specific ioctl operation affected by this bug (KD_FONT_OP_COPY) has been disabled, as it is not believed that any programs depended on it. For Debian 9 stretch, these problems have been fixed in version 4.9.246-2. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Ben Hutchings - Debian developer, member of kernel, installer and LTS teams - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl/cnQsACgkQ57/I7JWG EQk3NBAAj5MCLkVMZRyFdhlukymD1hNBdUSScQ5c0j3wbVGMFqGzdUMSOldmgVpQ SLy1R32kIDcgTiqBzZfLla/tUAIZMud3JY/Y37RXJMQaYoq1usyqNYyPnYiYZMZj oCqxdjN/QzLV0ZMh6ayzZK7Monx0mzUnD/5AJwzu67HtABiQJ8XiWOG4q6OKBeKX KWacTrnpi0XSGncuckolVUUm/v8bn8yqX1dUKwZB8MIzOTJRBiFmOwd0dtrsvdkU 05bDcdtXz0F565qm1+Z0Hvr85PMiGS9TCER+G8rZCxmjQY5j1bzf1D+I0ZZRe8eu EnOdN/FO53osF60ZnKyvEtUAt4Y2zF9DaaZX7fzzJuuqlTvjitQXdtgvwiou8a+8 ALLFCWkfIeK8UhNr3qsrTp9K/ca1Lk4XxTxFQ2vmZjZ3picrITfjKZbUT689yLPF hnlc/kcuV/X9JIeairtHDcTk5TIVQWInAQ4FL9kdMHfhzZbAlRY7wMcyfj9M4tuR w5SNkDe7uL2DTX7Ax1WVx9jkCQeMDvPBu9tbxXZ47bgxwYKn901fh2c55PNsnNJ4 XEcoc7+gEZUyQQYvo7VdR7JHafJpKZjyoibLeGFvVFM1EQPJmmoK6YDtxTA/xYWJ kv/L02caAuNV/3Z7q24kHLgYo62+OVejkufsp84DWAiAiYaJ/xk= =LP1Q - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX9/g6eNLKJtyKPYoAQhwhA//YqmKizc0QggUtJLuIEMnBx/75wkjEtL8 ErMOmmzSpM9gPZxjp8cAyP097CBjDivl+PtuEapP2ooa0d1eLfn6UTzYWBgQS3rW DoOLeeRtjTPRQ99Fw+Xt/UYHrTZ3uKrlA+gIQDuOq/qW19KEeN0BgyUWPgMxbBEy 0G4xdILBtq+6svQNIFGCFtITa61FXaSN+0/9Wg3H82dQQaWtSyPDLKgVw9Fn/q8u qvSZm7HPq9v576jPtjDnMLMMeKZ3ghwaU+KNKb3njg1NNpVP7cJzYv882u25ROO2 KuRsCd/ZDw3FrC4MV+QxqFcr3EsKD84BKISlQi4eKhTB2jH0GVJIgOFQze9IzYz+ DtaOcIk/lyBYg4g+0JN1J6vxeJfv+X++6AcELhrLEi57tRF8NPWdNdICvI6pTQOU EfRmYk+P8OBJ3f0lu6vNCFMwDLUdyHAZY65lRMqeeyzA76VTgI+aykIDDwhfFhIw CnBjOKTL8zDoGCXQJ0zr7y5nvgotC2VfhupXBkIdulfgjRvr+JOkF4oJlAJrNXNa 5DGtWdJ8CaRoCTUDCmJLHAajg9OSF/+g/hWi//lD9qYXsuQNlkRIaA/5wtPRP1Kh Ein68LLy9ZSfBKKaFbds66767crDrH9ZZQ/Dd25X9b561wjdD4vWRNuJPzmG1QTj SQch9bJCTg4= =WM2o -----END PGP SIGNATURE-----