Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1101
linux-4.19 security update
31 March 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux kernel
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-28660 CVE-2021-28038 CVE-2021-27365
CVE-2021-27364 CVE-2021-27363 CVE-2021-26932
CVE-2021-26931 CVE-2021-26930 CVE-2021-3428
CVE-2021-3348 CVE-2020-27171 CVE-2020-27170
Reference: ESB-2021.1002
ESB-2021.0837
ESB-2021.0648
Original Bulletin:
http://www.debian.org/lts/security/2021/dla-2610
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2610-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Ben Hutchings
March 30, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : linux-4.19
Version : 4.19.181-1~deb9u1
CVE ID : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428
CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363
CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660
Debian Bug : 983595
Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service, or information leaks.
CVE-2020-27170, CVE-2020-27171
Piotr Krysiuk discovered flaws in the BPF subsystem's checks for
information leaks through speculative execution. A local user
could use these to obtain sensitive information from kernel
memory.
CVE-2021-3348
ADlab of venustech discovered a race condition in the nbd block
driver that can lead to a use-after-free. A local user with
access to an nbd block device could use this to cause a denial of
service (crash or memory corruption) or possibly for privilege
escalation.
CVE-2021-3428
Wolfgang Frisch reported a potential integer overflow in the
ext4 filesystem driver. A user permitted to mount arbitrary
filesystem images could use this to cause a denial of service
(crash).
CVE-2021-26930 (XSA-365)
Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan
H. Sch=F6nherr discovered that the Xen block backend driver
(xen-blkback) did not handle grant mapping errors correctly.
A malicious guest could exploit this bug to cause a denial of
service (crash), or possibly an information leak or privilege
escalation, within the domain running the backend, which is
typically dom0.
CVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)
Jan Beulich discovered that the Xen support code and various Xen
backend drivers did not handle grant mapping errors correctly.
A malicious guest could exploit these bugs to cause a denial of
service (crash) within the domain running the backend, which is
typically dom0.
CVE-2021-27363
Adam Nichols reported that the iSCSI initiator subsystem did not
properly restrict access to transport handle attributes in sysfs.
On a system acting as an iSCSI initiator, this is an information
leak to local users and makes it easier to exploit CVE-2021-27364.
CVE-2021-27364
Adam Nichols reported that the iSCSI initiator subsystem did not
properly restrict access to its netlink management interface.
On a system acting as an iSCSI initiator, a local user could use
these to cause a denial of service (disconnection of storage) or
possibly for privilege escalation.
CVE-2021-27365
Adam Nichols reported that the iSCSI initiator subsystem did not
correctly limit the lengths of parameters or "passthrough PDUs"
sent through its netlink management interface. On a system acting
as an iSCSI initiator, a local user could use these to leak the
contents of kernel memory, to cause a denial of service (kernel
memory corruption or crash), and probably for privilege
escalation.
CVE-2021-28660
It was discovered that the rtl8188eu WiFi driver did not correctly
limit the length of SSIDs copied into scan results. An attacker
within WiFi range could use this to cause a denial of service
(crash or memory corruption) or possibly to execute code on a
vulnerable system.
For Debian 9 stretch, these problems have been fixed in version
4.19.181-1~deb9u1. This update additionally fixes Debian bug
#983595, and includes many more bug fixes from stable updates
4.19.172-4.19.181 inclusive.
We recommend that you upgrade your linux-4.19 packages.
For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --Ben Hutchings
[W]e found...that it wasn't as easy to get programs right as we had
thought. I realized that a large part of my life from then on was going
to be spent in finding mistakes in my own programs.
- Maurice Wilkes, 1949
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmBjm/YACgkQ57/I7JWG
EQmdnxAAh9fYUMhGJ17wKm3VR5Nm6HlNAywhFEEGhgeCaZYmpKl0d9jyJahzAdrw
Vc7JKhYDHAdEEw2LNSIsGxn2H8sUcBv9RjQqEA9ZfsbubX171CtmDqF3Gb+vZkCG
ySuUMEz5jRkotbDeWCPQ88V6E1gMahJivipgevw19TtYGdfnkyCjueV4cRG0VaTy
zAW45C++pvms6swXfBhd+OLi1t41xfKF9CdgPwHvuJUKBSSFhRUaSBs2ww8u124S
NYLGr9f1+ovYt1yNoItH+40wwLR1gg3/oV2fD8ilCNPSF+zJ6g1ve9LXHDdFk69z
ThMfUT0PrY8vchFQ/zb4fL49wBB81+x9SqyopDzJ9pv2Agqcy5582Yo583WSkzkg
zog//hBaTKK3Cz6opHMEiVSuA8dLiCPpAG5rWFvUmu6FilNvdz+mHAjaW5pmWLPf
cuvfJKPKpvpuPwQOkNuQXMVP4ksdG8A/lDT56kFEPwBT4KsrSZyU6DYh5XX1Kv2y
WMVOdBXGT/HF8RwpC/qJibUv6jjkNGh79PW9bjaF5kmljm+d3xeyEVa626is0Ulq
3c95zho9dpgcuXi+QButGjwoR+LTCF5SPkRVU/FiRnAKwXXIFWGhDMXC90E1zKX2
DwWw619RQ5E/IkDBK79EbQhiXrnOYFEPzTn5lGbsP9jsWbium0E=
=AhfC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYGPXveNLKJtyKPYoAQgQzhAAlhzhUr+uw5vEPivm0hDu3AjG1yUH9kTv
n2/G7n4XFOZYBTSYlifB9fnPhWw4A94mxlIob/GK6a6Lq3vgPwn8ZDSTeN6GPwR+
OFCZMTQGQH+NXu3i1SNNf4VeWYDoK+maOzAWIU6PEy4vrPdB/nMISzt0rtdUR+Rb
p8b59u/4sFOV3LXx7rSO1OaxQrh+bSRh4+sBQf1bqOw4PScV3hI2Fdp/QdAF1JFb
00NjxmJTJ5ug7Nwec1PbzaYBBk5QYghdriPY1eYJl6dycn9ScMzbEoDg9FmcdLjp
pd6yGJoEd00+iaAEL2VDbeKQJQWTh9KNaT2A7oKpC91spQl+dthUXf7Xa7a9WZTU
8uj60aNiuf30+OuSr8x9nUMmZj4oxBXIhK+VvcGJM/lmbKIGLVkw7Zb3oaQhe+OQ
uvVGDlH6S8CK93p8hfldMXOA/thn9LZmcsI2yDEEyZ7Yx04N4qHZ06jskuMNuzx7
cYdJq1gCctagZ9s1VqRdQi1YHKryVK7UIdZp+qWkyY3tybpLy4rO/XcpLiI6G3Tz
H7+RMQIZNsfhtjHZPJuja60pg+WtX/YKKWGzsU7vsVE431RpR2hSYmyHaBWhfjeI
nxMLtwhb9BHfQ4U+JaeZ1wk7sVUctsuw1x0M+yOqYVZVGF+/E1FHdiZQJjinis6j
ZGJLFP2lZwQ=
=FoSr
-----END PGP SIGNATURE-----