|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for linux (DLA-2420-1)|
|Summary:||The remote host is missing an update for the 'linux' package(s) announced via the DLA-2420-1 advisory.|
Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service or information leaks.

A potential out-of-bounds read was discovered in the F2FS
implementation. A user permitted to mount and access arbitrary
filesystems could potentially use this to cause a denial of
service (crash) or to read sensitive information.

Navid Emamdoost discovered potential memory leaks in the ath9k and
ath9k_htc drivers. The security impact of these is unclear.

'Team bobfuzzer' reported a bug in Btrfs that could lead to a
use-after-free, and could be triggered by crafted filesystem
images. A user permitted to mount and access arbitrary
filesystems could use this to cause a denial of service (crash or
memory corruption) or possibly for privilege escalation.

Andy Nguyen discovered a flaw in the Bluetooth implementation in
the way L2CAP packets with A2MP CID are handled. A remote attacker
within a short distance, knowing the victim's Bluetooth device
address, can send a malicious l2cap packet and cause a denial of
service or possibly arbitrary code execution with kernel

Andy Nguyen discovered a flaw in the Bluetooth implementation.
Stack memory is not properly initialised when handling certain AMP
packets. A remote attacker within a short distance, knowing the
victim's Bluetooth device address, can retrieve kernel

Zheng Bin reported that crafted XFS volumes could trigger a system
hang. An attacker able to mount such a volume could use this to
cause a denial of service.

Zhiqiang Liu reported a bug in the bcache block driver that could
lead to a system hang. The security impact of this is unclear.

It was discovered that the PCIe Virtual Function I/O (vfio-pci)
driver allowed users to disable a device's memory space while it
was still mapped into a process. On some hardware platforms,
local users or guest virtual machines permitted to access PCIe
Virtual Functions could use this to cause a denial of service
(hardware error and crash).

Vasily Averin of Virtuozzo discovered a potential heap buffer
overflow in the netfilter nf_conntrack_h323 module. When this
module is used to perform connection tracking for TCP/IPv6, a
remote attacker could use this to cause a denial of service (crash
or memory corruption) or possibly for remote code execution with

A bug was discovered in the ext4 filesystem that could lead to an

Description truncated. Please see the references for more information.

'linux' package(s) on Debian Linux.

For Debian 9 stretch, these problems have been fixed in version
4.9.240-1. This update additionally includes many more bug fixes from
stable updates 4.9.229-4.9.240 inclusive.

We recommend that you upgrade your linux packages.
Common Vulnerability Exposure (CVE) ID: CVE-2019-9445
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|