|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for linux (DLA-2241-1)|
|Summary:||The remote host is missing an update for the 'linux'; package(s) announced via the DLA-2241-1 advisory.|
The remote host is missing an update for the 'linux'
package(s) announced via the DLA-2241-1 advisory.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
A race condition was found in the ext4 filesystem implementation.
A local user could exploit this to cause a denial of service
CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613
Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes
could trigger a crash (Oops) and/or out-of-bounds memory access.
An attacker able to mount such a volume could use this to cause a
denial of service or possibly for privilege escalation.
Mitchell Frank of Cisco discovered that when the IEEE 802.11
(WiFi) stack was used in AP mode with roaming, it would trigger
roaming for a newly associated station before the station was
authenticated. An attacker within range of the AP could use this
to cause a denial of service, either by filling up a switching
table or by redirecting traffic away from other stations.
Jungyeon discovered that a crafted filesystem can cause the ext4
implementation to deallocate or reallocate journal blocks. A user
permitted to mount filesystems could use this to cause a denial of
service (crash), or possibly for privilege escalation.
It was discovered that the ext4 filesystem driver did not safely
handle unlinking of an inode that, due to filesystem corruption,
already has a link count of 0. An attacker able to mount
arbitrary ext4 volumes could use this to cause a denial of service
(memory corruption or crash) or possibly for privilege escalation.
Tristan Madani reported a race condition in the blktrace debug
facility that could result in a use-after-free. A local user able
to trigger removal of block devices could possibly use this to
cause a denial of service (crash) or for privilege escalation.
The syzbot tool found that the input subsystem did not fully
validate keycode changes, which could result in a heap
out-of-bounds write. A local user permitted to access the device
node for an input or VT device could possibly use this to cause a
denial of service (crash or memory corruption) or for privilege
Jann Horn reported that the Android ashmem driver did not prevent
read-only files from being memory-mapped and then remapped as
read-write. However, Android drivers are not enabled in Debian
Researchers at VU Amsterdam discovered that on some Intel CPUs
supporting the RDRAND and RDSEED instructions, part of a random
value generated by these instructions may be use ...
Description truncated. Please see the references for more information.
'linux' package(s) on Debian Linux.
For Debian 8 'Jessie', these problems have been fixed in version
We recommend that you upgrade your linux packages. Binary packages for
the EABI ARM (armel) architecture are not yet available, and a separate
announcement will be made when they are.
Common Vulnerability Exposure (CVE) ID: CVE-2015-8839|
BugTraq ID: 85798
RedHat Security Advisories: RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
RedHat Security Advisories: RHSA-2017:2669
Common Vulnerability Exposure (CVE) ID: CVE-2019-5108
Debian Security Information: DSA-4698 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-0009
Common Vulnerability Exposure (CVE) ID: CVE-2020-0543
SuSE Security Announcement: openSUSE-SU-2020:0818 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:0965 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:0985 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-1749
Common Vulnerability Exposure (CVE) ID: CVE-2020-2732
Debian Security Information: DSA-4667 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-8647
SuSE Security Announcement: openSUSE-SU-2020:0388 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-8648
SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-8649
Common Vulnerability Exposure (CVE) ID: CVE-2020-9383
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.