Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1101 linux-4.19 security update 31 March 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux kernel Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-28660 CVE-2021-28038 CVE-2021-27365 CVE-2021-27364 CVE-2021-27363 CVE-2021-26932 CVE-2021-26931 CVE-2021-26930 CVE-2021-3428 CVE-2021-3348 CVE-2020-27171 CVE-2020-27170 Reference: ESB-2021.1002 ESB-2021.0837 ESB-2021.0648 Original Bulletin: http://www.debian.org/lts/security/2021/dla-2610 - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2610-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Ben Hutchings March 30, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : linux-4.19 Version : 4.19.181-1~deb9u1 CVE ID : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 Debian Bug : 983595 Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks. CVE-2020-27170, CVE-2020-27171 Piotr Krysiuk discovered flaws in the BPF subsystem's checks for information leaks through speculative execution. A local user could use these to obtain sensitive information from kernel memory. CVE-2021-3348 ADlab of venustech discovered a race condition in the nbd block driver that can lead to a use-after-free. A local user with access to an nbd block device could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2021-3428 Wolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash). CVE-2021-26930 (XSA-365) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Sch=F6nherr discovered that the Xen block backend driver (xen-blkback) did not handle grant mapping errors correctly. A malicious guest could exploit this bug to cause a denial of service (crash), or possibly an information leak or privilege escalation, within the domain running the backend, which is typically dom0. CVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367) Jan Beulich discovered that the Xen support code and various Xen backend drivers did not handle grant mapping errors correctly. A malicious guest could exploit these bugs to cause a denial of service (crash) within the domain running the backend, which is typically dom0. CVE-2021-27363 Adam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to transport handle attributes in sysfs. On a system acting as an iSCSI initiator, this is an information leak to local users and makes it easier to exploit CVE-2021-27364. CVE-2021-27364 Adam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to cause a denial of service (disconnection of storage) or possibly for privilege escalation. CVE-2021-27365 Adam Nichols reported that the iSCSI initiator subsystem did not correctly limit the lengths of parameters or "passthrough PDUs" sent through its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to leak the contents of kernel memory, to cause a denial of service (kernel memory corruption or crash), and probably for privilege escalation. CVE-2021-28660 It was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system. For Debian 9 stretch, these problems have been fixed in version 4.19.181-1~deb9u1. This update additionally fixes Debian bug #983595, and includes many more bug fixes from stable updates 4.19.172-4.19.181 inclusive. We recommend that you upgrade your linux-4.19 packages. For the detailed security status of linux-4.19 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux-4.19 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - --Ben Hutchings [W]e found...that it wasn't as easy to get programs right as we had thought. I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs. - Maurice Wilkes, 1949 - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmBjm/YACgkQ57/I7JWG EQmdnxAAh9fYUMhGJ17wKm3VR5Nm6HlNAywhFEEGhgeCaZYmpKl0d9jyJahzAdrw Vc7JKhYDHAdEEw2LNSIsGxn2H8sUcBv9RjQqEA9ZfsbubX171CtmDqF3Gb+vZkCG ySuUMEz5jRkotbDeWCPQ88V6E1gMahJivipgevw19TtYGdfnkyCjueV4cRG0VaTy zAW45C++pvms6swXfBhd+OLi1t41xfKF9CdgPwHvuJUKBSSFhRUaSBs2ww8u124S NYLGr9f1+ovYt1yNoItH+40wwLR1gg3/oV2fD8ilCNPSF+zJ6g1ve9LXHDdFk69z ThMfUT0PrY8vchFQ/zb4fL49wBB81+x9SqyopDzJ9pv2Agqcy5582Yo583WSkzkg zog//hBaTKK3Cz6opHMEiVSuA8dLiCPpAG5rWFvUmu6FilNvdz+mHAjaW5pmWLPf cuvfJKPKpvpuPwQOkNuQXMVP4ksdG8A/lDT56kFEPwBT4KsrSZyU6DYh5XX1Kv2y WMVOdBXGT/HF8RwpC/qJibUv6jjkNGh79PW9bjaF5kmljm+d3xeyEVa626is0Ulq 3c95zho9dpgcuXi+QButGjwoR+LTCF5SPkRVU/FiRnAKwXXIFWGhDMXC90E1zKX2 DwWw619RQ5E/IkDBK79EbQhiXrnOYFEPzTn5lGbsP9jsWbium0E= =AhfC - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYGPXveNLKJtyKPYoAQgQzhAAlhzhUr+uw5vEPivm0hDu3AjG1yUH9kTv n2/G7n4XFOZYBTSYlifB9fnPhWw4A94mxlIob/GK6a6Lq3vgPwn8ZDSTeN6GPwR+ OFCZMTQGQH+NXu3i1SNNf4VeWYDoK+maOzAWIU6PEy4vrPdB/nMISzt0rtdUR+Rb p8b59u/4sFOV3LXx7rSO1OaxQrh+bSRh4+sBQf1bqOw4PScV3hI2Fdp/QdAF1JFb 00NjxmJTJ5ug7Nwec1PbzaYBBk5QYghdriPY1eYJl6dycn9ScMzbEoDg9FmcdLjp pd6yGJoEd00+iaAEL2VDbeKQJQWTh9KNaT2A7oKpC91spQl+dthUXf7Xa7a9WZTU 8uj60aNiuf30+OuSr8x9nUMmZj4oxBXIhK+VvcGJM/lmbKIGLVkw7Zb3oaQhe+OQ uvVGDlH6S8CK93p8hfldMXOA/thn9LZmcsI2yDEEyZ7Yx04N4qHZ06jskuMNuzx7 cYdJq1gCctagZ9s1VqRdQi1YHKryVK7UIdZp+qWkyY3tybpLy4rO/XcpLiI6G3Tz H7+RMQIZNsfhtjHZPJuja60pg+WtX/YKKWGzsU7vsVE431RpR2hSYmyHaBWhfjeI nxMLtwhb9BHfQ4U+JaeZ1wk7sVUctsuw1x0M+yOqYVZVGF+/E1FHdiZQJjinis6j ZGJLFP2lZwQ= =FoSr -----END PGP SIGNATURE-----