-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2437
                           linux security update
                               21 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-34693 CVE-2021-33909 CVE-2021-21781
                   CVE-2021-3609 CVE-2020-36311 

Reference:         ESB-2021.2409
                   ESB-2021.2368
                   ESB-2021.2249
                   ESB-2021.2221

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2713
   https://www.debian.org/lts/security/2021/dla-2713-2
   https://www.debian.org/lts/security/2021/dla-2714
   https://www.debian.org/security/2021/dsa-4941

Comment: This bulletin contains four (4) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2713-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
July 20, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : linux
Version        : 4.9.272-2
CVE ID         : CVE-2021-3609 CVE-2021-21781 CVE-2021-33909 CVE-2021-34693
Debian Bug     : 990072

Brief introduction

CVE-2021-3609

    Norbert Slusarek reported a race condition vulnerability in the CAN
    BCM networking protocol, allowing a local attacker to escalate
    privileges.

CVE-2021-21781

    "Lilith >_>" of Cisco Talos discovered that the Arm initialisation
    code does not fully initialise the "sigpage" that is mapped into
    user-space processes to support signal handling.  This could
    result in leaking sensitive information, particularly when the
    system is rebooted.

CVE-2021-33909

    The Qualys Research Labs discovered a size_t-to-int conversion
    vulnerability in the Linux kernel's filesystem layer. An
    unprivileged local attacker able to create, mount, and then delete a
    deep directory structure whose total path length exceeds 1GB, can
    take advantage of this flaw for privilege escalation.

    Details can be found in the Qualys advisory at
    https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

CVE-2021-34693

    Norbert Slusarek discovered an information leak in the CAN BCM
    networking protocol. A local attacker can take advantage of this
    flaw to obtain sensitive information from kernel stack memory.

For Debian 9 stretch, these problems have been fixed in version
4.9.272-2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams



- --------------------------------------------------------------------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2713-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
July 20, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : linux
Version        : 4.9.272-2
CVE ID         : CVE-2021-3609 CVE-2021-21781 CVE-2021-33909 CVE-2021-34693
Debian Bug     : 990072

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

This updated advisory text fills in information omitted in the
original advisory.

CVE-2021-3609

    Norbert Slusarek reported a race condition vulnerability in the CAN
    BCM networking protocol, allowing a local attacker to escalate
    privileges.

CVE-2021-21781

    "Lilith >_>" of Cisco Talos discovered that the Arm initialisation
    code does not fully initialise the "sigpage" that is mapped into
    user-space processes to support signal handling.  This could
    result in leaking sensitive information, particularly when the
    system is rebooted.

CVE-2021-33909

    The Qualys Research Labs discovered a size_t-to-int conversion
    vulnerability in the Linux kernel's filesystem layer. An
    unprivileged local attacker able to create, mount, and then delete a
    deep directory structure whose total path length exceeds 1GB, can
    take advantage of this flaw for privilege escalation.

    Details can be found in the Qualys advisory at
    https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

CVE-2021-34693

    Norbert Slusarek discovered an information leak in the CAN BCM
    networking protocol. A local attacker can take advantage of this
    flaw to obtain sensitive information from kernel stack memory.

For Debian 9 stretch, these problems have been fixed in version
4.9.272-2.  This additionally fixes a regression in the previous
update (#990072) that affected LXC.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

- --------------------------------------------------------------------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2714-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
July 20, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : linux-4.19
Version        : 4.19.194-3~deb9u1
CVE ID         : CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693
Debian Bug     : 990072

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

This update is not yet available for the armhf (ARM EABI hard-float)
architecture.

CVE-2020-36311

    A flaw was discovered in the KVM subsystem for AMD CPUs, allowing an
    attacker to cause a denial of service by triggering destruction of a
    large SEV VM.

CVE-2021-3609

    Norbert Slusarek reported a race condition vulnerability in the CAN
    BCM networking protocol, allowing a local attacker to escalate
    privileges.

CVE-2021-33909

    The Qualys Research Labs discovered a size_t-to-int conversion
    vulnerability in the Linux kernel's filesystem layer. An
    unprivileged local attacker able to create, mount, and then delete a
    deep directory structure whose total path length exceeds 1GB, can
    take advantage of this flaw for privilege escalation.

    Details can be found in the Qualys advisory at
    https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

CVE-2021-34693

    Norbert Slusarek discovered an information leak in the CAN BCM
    networking protocol. A local attacker can take advantage of this
    flaw to obtain sensitive information from kernel stack memory.

For Debian 9 stretch, these problems have been fixed in version
4.19.194-3~deb9u1.  This additionally fixes a regression in the
previous update (#990072) that affected LXC.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4941-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 20, 2021                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2020-36311

    A flaw was discovered in the KVM subsystem for AMD CPUs, allowing an
    attacker to cause a denial of service by triggering destruction of a
    large SEV VM.

CVE-2021-3609

    Norbert Slusarek reported a race condition vulnerability in the CAN
    BCM networking protocol, allowing a local attacker to escalate
    privileges.

CVE-2021-33909

    The Qualys Research Labs discovered a size_t-to-int conversion
    vulnerability in the Linux kernel's filesystem layer. An
    unprivileged local attacker able to create, mount, and then delete a
    deep directory structure whose total path length exceeds 1GB, can
    take advantage of this flaw for privilege escalation.

    Details can be found in the Qualys advisory at
    https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

CVE-2021-34693

    Norbert Slusarek discovered an information leak in the CAN BCM
    networking protocol. A local attacker can take advantage of this
    flaw to obtain sensitive information from kernel stack memory.

For the stable distribution (buster), these problems have been fixed in
version 4.19.194-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------
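
A check against the fixed versions listed in the advisories above, as an added example (not part of the AusCERT bulletin or the Debian advisories): it implements dpkg's version ordering, in which "~" sorts before the end of the string, so 4.19.194-3~deb9u1 orders below 4.19.194-3. The function names and the layout of the FIXED table are assumptions; the version strings are copied from the advisories.

```python
# Added example: dpkg version ordering applied to this bulletin's fixed versions.
DIGITS = "0123456789"

# Fixed versions copied from the advisories above: (release, source package).
FIXED = {
    ("stretch", "linux"): "4.9.272-2",
    ("stretch", "linux-4.19"): "4.19.194-3~deb9u1",
    ("buster", "linux"): "4.19.194-3",
}

def _order(ch):
    """Sort key: '~' before end of string (''), then letters, then symbols."""
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, compared character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ca = a[i] if i < len(a) and a[i] not in DIGITS else ""
            cb = b[j] if j < len(b) and b[j] not in DIGITS else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + bool(ca), j + bool(cb)
        # Digit run, compared numerically (an empty run counts as 0).
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS: i += 1
        while j < len(b) and b[j] in DIGITS: j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _parse(v):  # "[epoch:]upstream[-revision]"
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, source, installed):
    """True when the installed version is at or above the advisory's fixed version."""
    return compare(installed, FIXED[(release, source)]) >= 0
```

Pass the version of the installed kernel image package, for example as reported by `dpkg-query -W`. The fix only takes effect once the system is running the upgraded kernel.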

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================