[SECURITY] [DLA 2323-1] linux-4.19 new package

---

Debian LTS Advisory DLA-2323-1 [email protected]
https://www.debian.org/lts/security/
August 12, 2020 https://wiki.debian.org/LTS

Package : linux-4.19
Version : 4.19.132-1~deb9u1
CVE ID : CVE-2019-18814 CVE-2019-18885 CVE-2019-20810 CVE-2020-10766
CVE-2020-10767 CVE-2020-10768 CVE-2020-12655 CVE-2020-12771
CVE-2020-13974 CVE-2020-15393
Debian Bug : 958300 960493 962254 963493 964153 964480 965365

Linux 4.19 has been packaged for Debian 9 as linux-4.19. This
provides a supported upgrade path for systems that currently use
kernel packages from the "stretch-backports" suite.

There is no need to upgrade systems using Linux 4.9, as that kernel
version will also continue to be supported in the LTS period.

This backport does not include the following binary packages:

hyperv-daemons libbpf-dev libbpf4.19 libcpupower-dev libcpupower1
liblockdep-dev liblockdep4.19 linux-compiler-gcc-6-arm
linux-compiler-gcc-6-x86 linux-cpupower linux-libc-dev lockdep
usbip

Older versions of most of those are built from the linux source
package in Debian 9.

The kernel images and modules will not be signed for use on systems
with Secure Boot enabled, as there is no support for this in Debian 9.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or information leak.

CVE-2019-18814

Navid Emamdoost reported a potential use-after-free in the
AppArmor security module, in the case that audit rule
initialisation fails.  The security impact of this is unclear.

CVE-2019-18885

The 'bobfuzzer' team discovered that crafted Btrfs volumes could
trigger a crash (oops).  An attacker able to mount such a volume
could use this to cause a denial of service.

CVE-2019-20810

A potential memory leak was discovered in the go7007 media driver.
The security impact of this is unclear.

CVE-2020-10766

Anthony Steinhauser reported a flaw in the mitigation for
Speculative Store Bypass (CVE-2018-3639) on x86 CPUs.  A local
user could use this to temporarily disable SSB mitigation in other
users' tasks.  If those other tasks run sandboxed code, this would
allow that code to read sensitive information in the same process
but outside the sandbox.

CVE-2020-10767

Anthony Steinhauser reported a flaw in the mitigation for Spectre
variant 2 (CVE-2017-5715) on x86 CPUs.  Depending on which other
mitigations the CPU supports, the kernel might not use IBPB to
mitigate Spectre variant 2 in user-space.  A local user could use
this to read sensitive information from other users' processes.

CVE-2020-10768

Anthony Steinhauser reported a flaw in the mitigation for Spectre
variant 2 (CVE-2017-5715) on x86 CPUs.  After a task force-
disabled indirect branch speculation through prctl(), it could
still re-enable it later, so it was not possible to override a
program that explicitly enabled it.

CVE-2020-12655

Zheng Bin reported that crafted XFS volumes could trigger a system
hang.  An attacker able to mount such a volume could use this to
cause a denial of service.

CVE-2020-12771

Zhiqiang Liu reported a bug in the bcache block driver that could
lead to a system hang.  The security impact of this is unclear.

CVE-2020-13974

Kyungtae Kim reported a potential integer overflow in the vt
(virtual terminal) driver.  The security impact of this is
unclear.

CVE-2020-15393

Kyungtae Kim reported a memory leak in the usbtest driver.  The
security impact of this is unclear.

For Debian 9 "Stretch", these problems have been fixed in version
4.19.132-1~deb9u1. This update additionally fixes Debian bugs
#958300, #960493, #962254, #963493, #964153, #964480, and #965365; and
includes many more bug fixes from stable updates 4.19.119-4.19.132
inclusive.

We recommend that you upgrade your linux-4.19 packages.

For the detailed security status of linux-4.19 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-4.19

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
Attachment:
signature.asc
Description: This is a digitally signed message part