[gull] [SECURITY] [DSA 5257-1] linux security update

Concombre Masqué phil at gnou.ch
Wed Oct 19 10:30:56 CEST 2022


Hey, you two "old" GRUMPIDANTs :) the background, as far as I'm concerned, is that I got somewhat pwned through the wifi bug.
Hence my quick reaction to this kernel upgrade.

I'm teasing with "grumpitant" (the origin is a contraction of "grumpy" and "stupidant" in American English - flattering, isn't it?) but the fact remains that there is, it seems to me, a whole load of CVEs in this kernel update.

And the activity on this list is so low. I'm asking this question a second time: how many subscribers are there still on this old mailing list?

Come on, no flamewars over my teasing words, please, it's a wink, just for a laugh.


Aplouche.


> On 19 Oct 2022, at 08:23, Concombre Masqué <phil at gnou.ch> wrote:
> 
> Important enough to justify a fwd. to the GULL list.
> 
>> Begin forwarded message:
>> 
>> From: Salvatore Bonaccorso <carnil at debian.org>
>> Subject: [SECURITY] [DSA 5257-1] linux security update
>> Date: 18 October 2022 at 23:06:43 UTC+2
>> To: debian-security-announce at lists.debian.org
>> Resent-From: debian-security-announce at lists.debian.org
>> Reply-To: debian-security-announce-request at lists.debian.org
>> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>> 
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-5257-1                security at debian.org
>> https://www.debian.org/security/                     Salvatore Bonaccorso
>> October 18, 2022                      https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>> 
>> Package        : linux
>> CVE ID         : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
>>                 CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
>>                 CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
>>                 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
>>                 CVE-2022-42722
>> 
>> Several vulnerabilities have been discovered in the Linux kernel that
>> may lead to a privilege escalation, denial of service or information
>> leaks.
>> 
>> CVE-2021-4037
>> 
>>    Christian Brauner reported that the inode_init_owner function for
>>    the XFS filesystem in the Linux kernel allows local users to create
>>    files with an unintended group ownership allowing attackers to
>>    escalate privileges by making a plain file executable and SGID.
>> 
>> CVE-2022-0171
>> 
>>    Mingwei Zhang reported that a cache incoherence issue in the SEV API
>>    in the KVM subsystem may result in denial of service.
>> 
>> CVE-2022-1184
>> 
>>    A flaw was discovered in the ext4 filesystem driver which can lead
>>    to a use-after-free. A local user permitted to mount arbitrary
>>    filesystems could exploit this to cause a denial of service (crash
>>    or memory corruption) or possibly for privilege escalation.
>> 
>> CVE-2022-2602
>> 
>>    A race between handling an io_uring request and the Unix socket
>>    garbage collector was discovered. An attacker can take advantage of
>>    this flaw for local privilege escalation.
>> 
>> CVE-2022-2663
>> 
>>    David Leadbeater reported flaws in the nf_conntrack_irc
>>    connection-tracking protocol module.  When this module is enabled
>>    on a firewall, an external user on the same IRC network as an
>>    internal user could exploit its lax parsing to open arbitrary TCP
>>    ports in the firewall, to reveal their public IP address, or to
>>    block their IRC connection at the firewall.
>> 
>> CVE-2022-3061
>> 
>>    A flaw was discovered in the i740 driver which may result in denial
>>    of service.
>> 
>>    This driver is not enabled in Debian's official kernel
>>    configurations.
>> 
>> CVE-2022-3176
>> 
>>    A use-after-free flaw was discovered in the io_uring subsystem which
>>    may result in local privilege escalation to root.
>> 
>> CVE-2022-3303
>> 
>>    A race condition in the snd_pcm_oss_sync function in the sound
>>    subsystem in the Linux kernel due to improper locking may result in
>>    denial of service.
>> 
>> CVE-2022-20421
>> 
>>    A use-after-free vulnerability was discovered in the
>>    binder_inc_ref_for_node function in the Android binder driver. On
>>    systems where the binder driver is loaded, a local user could
>>    exploit this for privilege escalation.
>> 
>> CVE-2022-39188
>> 
>>    Jann Horn reported a race condition in the kernel's handling of
>>    unmapping of certain memory ranges.  When a driver created a
>>    memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
>>    the memory mapping could be removed and freed before it was
>>    flushed from the CPU TLBs.  This could result in a page use-after-
>>    free.  A local user with access to such a device could exploit
>>    this to cause a denial of service (crash or memory corruption) or
>>    possibly for privilege escalation.
>> 
>> CVE-2022-39842
>> 
>>    An integer overflow was discovered in the pxa3xx-gcu video driver
>>    which could lead to a heap out-of-bounds write.
>> 
>>    This driver is not enabled in Debian's official kernel
>>    configurations.
>> 
>> CVE-2022-40307
>> 
>>    A race condition was discovered in the EFI capsule-loader driver,
>>    which could lead to use-after-free.  A local user permitted to
>>    access this device (/dev/efi_capsule_loader) could exploit this to
>>    cause a denial of service (crash or memory corruption) or possibly
>>    for privilege escalation.  However, this device is normally only
>>    accessible by the root user.
>> 
>> CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
>> 
>>    Soenke Huster discovered several vulnerabilities in the mac80211
>>    subsystem triggered by WLAN frames which may result in denial of
>>    service or the execution of arbitrary code.
>> 
>> For the stable distribution (bullseye), these problems have been fixed in
>> version 5.10.149-1.
>> 
>> We recommend that you upgrade your linux packages.
>> 
>> For the detailed security status of linux please refer to its security
>> tracker page at:
>> https://security-tracker.debian.org/tracker/linux
>> 
>> Further information about Debian Security Advisories, how to apply
>> these updates to your system and frequently asked questions can be
>> found at: https://www.debian.org/security/
>> 
>> Mailing list: debian-security-announce at lists.debian.org
>> -----BEGIN PGP SIGNATURE-----
>> 
>> -----END PGP SIGNATURE-----
>> 
> 
