Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.4496
linux-5.10 new package
12 September 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux kernel
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-36946 CVE-2022-36879 CVE-2022-29901
CVE-2022-29900 CVE-2022-26373 CVE-2022-2588
CVE-2022-2586 CVE-2022-2585
Original Bulletin:
https://www.debian.org/lts/security/2022/dla-3102
Comment: CVSS (Max): 7.8 CVE-2022-2588 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD, [Red Hat]
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3102-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Ben Hutchings
September 11, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : linux-5.10
Version : 5.10.136-1~deb10u3
CVE ID : CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373
CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946
Linux 5.10 has been packaged for Debian 10 as linux-5.10. This
provides a supported upgrade path for systems that currently use
kernel packages from the "buster-backports" suite.
There is no need to upgrade systems using Linux 4.19, as that kernel
version will also continue to be supported in the LTS period.
The "apt full-upgrade" command will *not* automatically install the
updated kernel packages. You should explicitly install one of the
following metapackages first, as appropriate for your system:
linux-image-5.10-686
linux-image-5.10-686-pae
linux-image-5.10-amd64
linux-image-5.10-arm64
linux-image-5.10-armmp
linux-image-5.10-armmp-lpae
linux-image-5.10-cloud-amd64
linux-image-5.10-cloud-arm64
linux-image-5.10-rt-686-pae
linux-image-5.10-rt-amd64
linux-image-5.10-rt-arm64
linux-image-5.10-rt-armmp
For example, if the command "uname -r" currently shows
"5.10.0-0.deb10.16-amd64", you should install linux-image-5.10-amd64.
This backport does not include the following binary packages:
bpftool hyperv-daemons libcpupower-dev libcpupower1
linux-compiler-gcc-8-arm linux-compiler-gcc-8-x86 linux-cpupower
linux-libc-dev usbip
Older versions of most of those are built from the linux source
package in Debian 10.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2022-2585
A use-after-free flaw in the implementation of POSIX CPU timers
may result in denial of service or in local privilege escalation.
CVE-2022-2586
A use-after-free in the Netfilter subsystem may result in local
privilege escalation for a user with the CAP_NET_ADMIN capability
in any user or network namespace.
CVE-2022-2588
Zhenpeng Lin discovered a use-after-free flaw in the cls_route
filter implementation which may result in local privilege
escalation for a user with the CAP_NET_ADMIN capability in any
user or network namespace.
CVE-2022-26373
It was discovered that on certain processors with Intel's Enhanced
Indirect Branch Restricted Speculation (eIBRS) capabilities there
are exceptions to the documented properties in some situations,
which may result in information disclosure.
Intel's explanation of the issue can be found at
https://www.intel.com/content/www/us/en/developer/articles/technical/
software-security-guidance/advisory-guidance/post-barrier-return-stack
-buffer-predictions.html
CVE-2022-29900
Johannes Wikner and Kaveh Razavi reported that for AMD/Hygon
processors, mis-trained branch predictions for return instructions
may allow arbitrary speculative code execution under certain
microarchitecture-dependent conditions.
A list of affected AMD CPU types can be found at
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
CVE-2022-29901
Johannes Wikner and Kaveh Razavi reported that for Intel
processors (Intel Core generation 6, 7 and 8), protections against
speculative branch target injection attacks were insufficient in
some circumstances, which may allow arbitrary speculative code
execution under certain microarchitecture-dependent conditions.
More information can be found at
https://www.intel.com/content/www/us/en/developer/articles/technical/
software-security-guidance/advisory-guidance/return-stack-buffer-
underflow.html
CVE-2022-36879
A flaw was discovered in xfrm_expand_policies in the xfrm
subsystem which can cause a reference count to be dropped twice.
CVE-2022-36946
Domingo Dirutigliano and Nicola Guerrera reported a memory
corruption flaw in the Netfilter subsystem which may result in
denial of service.
For Debian 10 buster, these problems have been fixed in version
5.10.136-1~deb10u3. This update additionally includes many more bug
fixes from stable updates 5.10.128-5.10.136 inclusive.
We recommend that you upgrade your linux-5.10 packages.
For the detailed security status of linux-5.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-5.10
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmMeOGMACgkQ57/I7JWG
EQmUwg/+JeXYnFy4rEmmzTIEir8Haz/qlw7D0VE/UOpSJPUdxUj88YFbuicW5nvs
eOYQYr1lZ6tMDFf7pgff2C19ZlVR1EOIpVDXgqxyQtM8zw0yKH6p+35Bi5PZaVDN
u/MMTViIYnUDCMAiPokP13spEWaVRqtBZowZFMpHtlXde7vSSp7s+tge4tCqzDGm
FBAcYNs39hVyrrfMDORkN9GFFhd2GBUXa451Hfoydtyf9t5159Mn7WDdE/Qn69PO
+VvT6c5NAPD55q6966MyI2i7aIVwzqyE7sQDkXzf1kmCvzGoxUIP4l2QhTJKWZEV
GzpOt69X1ZVWwrlkFnVZW+ld4oksDmRf/lDQmQySm8RBNEtEZ6ddqj6LtHkgDaFQ
PUFgA/adgzeF2xWpGLJGWqBQw5cLNIw1UiXiPrMsddwKW1NZ1xRV8zo51bMezFwD
wE/1IiH1nBv/sfoCZ+qet4cRMxxlizZU6CACImmN+aUxRiBUSYUmF2fO/XoRuShu
Qa6MMmsOJ19/BMilJOKjlsp/Jg0sBOIF/uEpNn7pOwSANjlp8PClqWCXUOz9TboM
z8C9C2CDiyY3KtJvcO6sc1SlUr8sTacS4fMQM9aqD5BDwPm6DFjznQ1+Omm7MPT2
wop7uHpDY7YQc+QXghVMTxxHG9aKJI6Xdm/1eRuK2LYbHufetQ8=
=sD/3
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYx6P/skNZI30y1K9AQj89w/+PfwSPKyAP5rUOO14ZNMvrnoPe1quDaPs
D29ZFiBS9LLIWsVPr1KcDT5wDvEmvTjMKXAgeXzkmgjmOR6ch4lGoYwn5oDR0e0b
bgDmGVDCLSKW0lKBDBvvOnu8FnTS8c3eeXskPboHv5Fcqa70+HsuqxEvGUgO3HhR
EfrbHpz4d7NsqFXjWrNLuS4WQ4VrLLrx6Em9wYj6DlXhJwcs8H/JCIdACiKVK+rR
djzJvwg0k1faxNK7G9cJrtumP080sRnOBVal5gknCwaR3eLXaOoYVstLhcNPO0zi
yUbGJlQefmxXP9A1lgFSysRIdLDMKqvN4JM0c0fS9XUYjOa4MrwENcS0Om86SzW3
y45jm45EqwOaR5IuO0Kg+ytqu3BukR6J//TWO3HG7zMD2lPpLngwW5TSiWcHBOBH
I41UjiugFlMn5Q5RtRhd9Y5vPXDE9yQHHHJd5g6goZObRUD4WkOs77ZXbAAR8CCj
yGPXwQuhYQ5j4wT/yYlQH0khY9PjIniW/eiHe8i/JVVYUiucC5Z2kq4NUSpfP10f
LjMfN98WngM/vfVtyeY76MyQ9wYLt4RfI31wvtuQ1ncoCRs4s5RJIm9O3Ax5ohNs
6BzUwRVvLlzWJNkcOUs1ljf/00X4feKnLbUeNorwi3/DX38ezTNUquE+b6gR8KwO
0P3DzWFxEdM=
=t8R/
-----END PGP SIGNATURE-----