The recently released Debian GNU / Linux 10 "Buster" series of the first operating system Linux kernel security update, now available to resolve the local privilege escalation vulnerability.
Earlier this month released the latest Debian GNU / Linux 10 "Buster" operating system has just won its first Linux kernel security updates to address security vulnerabilities in Google Project Zero's Jann Horn found in the ptrace subsystem in the Linux kernel ( 2019-13272-CVE ), which allows local users to gain root privileges.
"Jann Horn found in the Linux kernel ptrace subsystem mishandled the process ptrace want to create a relationship of credentials management, allows local users to gain root privileges in some cases," Salvatore Bonaccorso published last week in the security bulletin in He wrote.
These problems also affect the old Debian GNU / Linux 9 "Stretch" and Debian GNU / Linux 8 "Jessie" family of operating systems, but Debian Project has released all supported versions of the kernel security patches. Therefore, we recommend that users install the update as soon as possible to the new kernel version.
Urges all Debian users update their systems
If you use any supported computer on Debian GNU / Linux operating system versions, it is recommended that you update them to the new kernel version as soon as possible, that is Debian GNU / 4.19.37-5 + deb10u1 Debian GNU on 10 Linux / Linux 8 "Jessie" "Buster" on, 4.9.168-1 + deb9u4, Debian GNU / Linux 9 "Stretch" and 3.16.70-1 + deb8u1.
应该注意的是,Debian GNU/Linux 10 “Buster”的Linux内核安全更新还包括由TCP重传队列实现中的CVE-2019-11478漏洞的原始修复引入的回归补丁。 Debian项目建议所有用户立即更新其安装以解决这些问题。