Debian GNU/Linux releases Linux kernel security update, fixes 14 vulnerabilities

The Debian Project has released a new Linux kernel security update for its supported stable releases to address multiple vulnerabilities that could put users' computers at risk.

The new Linux kernel security update is available for the Debian GNU/Linux 10 "Buster" and Debian GNU/Linux 9 "Stretch" operating system series and resolves 14 vulnerabilities found by various security researchers. The Debian Project urges all users to install the update as soon as possible.

Among the patched security holes are a race condition in the libsas subsystem, which supports Serial Attached SCSI (SAS) devices, a potential double free in the block subsystem, and two issues that can make it easier for an attacker to exploit other vulnerabilities.

In addition, the security patch addresses problems found in the Linux kernel's vfio implementation, the vhost driver, the IPv4 multicast routing implementation, PowerPC (ppc64el) systems without Transactional Memory (TM), and various drivers for UART-attached Bluetooth adapters. These may lead to a denial of service.

It also fixes a 4-year-old vulnerability that had not been fully resolved, which may lead to a denial of service (unexpected NMI) on the host running Xen guests. However, the researchers point out that the fix for this issue is not compatible with QEMU versions prior to 2.5.


Users must update their systems immediately

The new Linux kernel security patch also fixes a possible use-after-free found in the TCP socket implementation, which may allow a local user to escalate privileges or cause memory corruption or a system crash, and a bug in the gtco USB input driver for tablets, which may allow a physically present user with a malicious USB device to escalate privileges or cause a denial of service.

Although floppy disks are now extinct, two issues affect the Linux kernel's floppy driver: a potential division by zero and a missing bounds check. Both vulnerabilities allow a local attacker with access to the floppy disk to cause a denial of service or obtain sensitive information from kernel memory beyond the I/O buffer.

IP packet IDs were also found to be generated with a weak hash function, which could allow individual computers to be tracked as they communicate with different remote servers from different networks. To resolve this issue, the "siphash" hash function is now used instead of "jhash".

Last but not least, the new Debian Linux kernel patch mitigates a subtype of the well-known Spectre variant 1 security vulnerability affecting most x86 processors, which can apparently skip a conditional SWAPGS instruction used when entering the kernel from user mode. Although the i386 kernel is not affected, the problem is fixed by using memory barriers to limit speculative execution.

"It was found that most x86 processors may speculatively skip a conditional SWAPGS instruction used when entering the kernel from user mode, and/or may speculatively execute it when it should be skipped. This is a subtype of Spectre variant 1, which may allow local users to obtain sensitive information from the kernel or other processes," reads the security bulletin.

All these security vulnerabilities have now been fixed in the latest stable Debian GNU/Linux 10 "Buster" series as well as the oldstable Debian GNU/Linux 9 "Stretch" series. Debian GNU/Linux 10 "Buster" users should install kernel version 4.19.37-5+deb10u2, and Debian GNU/Linux 9 "Stretch" users must install kernel version 4.9.168-1+deb9u5.


Origin www.linuxidc.com/Linux/2019-08/160268.htm