• [SECURITY] [DSA 5050-1] linux security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Jan 20 17:50:01 2022

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5050-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    January 20, 2022                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : linux
    CVE ID : CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713
    CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095
    CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222
    Debian Bug : 988044 996974

    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information


    Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
    IOCTL in the XFS filesystem allowed for a size increase of files
    with unaligned size. A local attacker can take advantage of this
    flaw to leak data on the XFS filesystem.

    CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)

    Juergen Gross reported that malicious PV backends can cause a denial
    of service to guests being serviced by those backends via high
    frequency events, even if those backends are running in a less
    privileged environment.

    CVE-2021-28714, CVE-2021-28715 (XSA-392)

    Juergen Gross discovered that Xen guests can force the Linux
    netback driver to hog large amounts of kernel memory, resulting in
    denial of service.


    Szymon Heidrich discovered a buffer overflow vulnerability in the
    USB gadget subsystem, resulting in information disclosure, denial of
    service or privilege escalation.


    It was discovered that the Phone Network protocol (PhoNet) driver
    has a reference count leak in the pep_sock_accept() function.


    Wenqing Liu reported an out-of-bounds memory access in the f2fs
    implementation if an inode has an invalid last xattr entry. An
    attacker able to mount a specially crafted image can take advantage
    of this flaw for denial of service.


    A memory leak flaw was discovered in the __rds_conn_create()
    function in the RDS (Reliable Datagram Sockets) protocol subsystem.


    William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje
    Misetic and Philip Papurt discovered a heap-based buffer overflow
    flaw in the legacy_parse_param function in the Filesystem Context
    functionality, allowing a local user (with CAP_SYS_ADMIN capability
    in the current namespace) to escalate privileges.


    'tr3e' discovered that the BPF verifier does not properly restrict
    several *_OR_NULL pointer types, allowing these types to do pointer
    arithmetic. A local user with the ability to call bpf() can take
    advantage of this flaw to escalate privileges. Unprivileged calls to
    bpf() are disabled by default in Debian, mitigating this flaw.

    For the stable distribution (bullseye), these problems have been fixed in
    version 5.10.92-1. This version includes changes which were aimed to
    land in the next Debian bullseye point release.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security
    tracker page at:

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

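A host-side check for the fix and mitigation named in the advisory above, as an added example that is not part of the advisory or of Debian's tooling. It compares the running and installed kernel package versions with the fixed version 5.10.92-1 and reads the unprivileged bpf() sysctl; the function names are hypothetical, and it assumes a Debian-built kernel whose `uname -v` output has the form "#1 SMP Debian <version> (<date>)".

```shell
#!/bin/sh
# Added example: check a Debian bullseye host against DSA-5050-1.
FIXED_VERSION="5.10.92-1"   # fixed version named in the advisory

# Extract the Debian package version from a `uname -v` string, e.g.
# "#1 SMP Debian 5.10.84-1 (2021-12-08)" -> "5.10.84-1" (assumed format).
kernel_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\) (.*/\1/p'
}

# True when the given package version is at or past the fixed version.
is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# Interpret kernel.unprivileged_bpf_disabled (0 = any user may call bpf()).
classify_bpf() {
    case "$1" in
        0)   echo "exposed" ;;
        1|2) echo "restricted" ;;
        *)   echo "unknown" ;;
    esac
}

# Report on the running kernel; an upgraded package only helps after a reboot.
audit_host() {
    running=$(kernel_pkg_version "$(uname -v)")
    if [ -z "$running" ]; then
        echo "running kernel: not a Debian build, check manually"
    elif is_fixed "$running"; then
        echo "running kernel $running: fixed"
    else
        echo "running kernel $running: older than $FIXED_VERSION (upgrade and reboot)"
    fi
    # Installed images can be newer than the running one until the next reboot.
    dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\n' 'linux-image-*' 2>/dev/null |
    while read -r st pkg ver; do
        [ "$st" = "ii" ] || continue
        if is_fixed "$ver"; then s="fixed"; else s="older than $FIXED_VERSION"; fi
        echo "installed $pkg $ver: $s"
    done
    bpf=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null)
    echo "unprivileged bpf(): $(classify_bpf "$bpf")"
}

# Run the audit only when invoked as: sh check.sh audit
if [ "${1:-}" = "audit" ]; then audit_host; fi
```

A running kernel reported as older while an installed image is reported as fixed means the upgrade is in place but the host has not yet been rebooted into it.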