Important enough to justify a fwd. to the GULL list.

> Begin forwarded message:
>
> From: Salvatore Bonaccorso <car...@debian.org>
> Subject: [SECURITY] [DSA 5257-1] linux security update
> Date: 18 October 2022 at 23:06:43 UTC+2
> To: debian-security-annou...@lists.debian.org
> Resent-From: debian-security-annou...@lists.debian.org
> Reply-To: debian-security-announce-requ...@lists.debian.org
>
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-5257-1                   secur...@debian.org
> https://www.debian.org/security/                     Salvatore Bonaccorso
> October 18, 2022                      https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : linux
> CVE ID         : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
>                  CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
>                  CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
>                  CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
>                  CVE-2022-42722
>
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to a privilege escalation, denial of service or information
> leaks.
>
> CVE-2021-4037
>
>     Christian Brauner reported that the inode_init_owner function for
>     the XFS filesystem in the Linux kernel allows local users to create
>     files with an unintended group ownership allowing attackers to
>     escalate privileges by making a plain file executable and SGID.
>
> CVE-2022-0171
>
>     Mingwei Zhang reported that a cache incoherence issue in the SEV API
>     in the KVM subsystem may result in denial of service.
>
> CVE-2022-1184
>
>     A flaw was discovered in the ext4 filesystem driver which can lead
>     to a use-after-free. A local user permitted to mount arbitrary
>     filesystems could exploit this to cause a denial of service (crash
>     or memory corruption) or possibly for privilege escalation.
>
> CVE-2022-2602
>
>     A race between handling an io_uring request and the Unix socket
>     garbage collector was discovered. An attacker can take advantage of
>     this flaw for local privilege escalation.
>
> CVE-2022-2663
>
>     David Leadbeater reported flaws in the nf_conntrack_irc
>     connection-tracking protocol module. When this module is enabled
>     on a firewall, an external user on the same IRC network as an
>     internal user could exploit its lax parsing to open arbitrary TCP
>     ports in the firewall, to reveal their public IP address, or to
>     block their IRC connection at the firewall.
>
> CVE-2022-3061
>
>     A flaw was discovered in the i740 driver which may result in denial
>     of service.
>
>     This driver is not enabled in Debian's official kernel
>     configurations.
>
> CVE-2022-3176
>
>     A use-after-free flaw was discovered in the io_uring subsystem which
>     may result in local privilege escalation to root.
>
> CVE-2022-3303
>
>     A race condition in the snd_pcm_oss_sync function in the sound
>     subsystem in the Linux kernel due to improper locking may result in
>     denial of service.
>
> CVE-2022-20421
>
>     A use-after-free vulnerability was discovered in the
>     binder_inc_ref_for_node function in the Android binder driver. On
>     systems where the binder driver is loaded, a local user could
>     exploit this for privilege escalation.
>
> CVE-2022-39188
>
>     Jann Horn reported a race condition in the kernel's handling of
>     unmapping of certain memory ranges. When a driver created a
>     memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
>     the memory mapping could be removed and freed before it was
>     flushed from the CPU TLBs. This could result in a page
>     use-after-free. A local user with access to such a device could
>     exploit this to cause a denial of service (crash or memory
>     corruption) or possibly for privilege escalation.
>
> CVE-2022-39842
>
>     An integer overflow was discovered in the pxa3xx-gcu video driver
>     which could lead to a heap out-of-bounds write.
>
>     This driver is not enabled in Debian's official kernel
>     configurations.
>
> CVE-2022-40307
>
>     A race condition was discovered in the EFI capsule-loader driver,
>     which could lead to use-after-free. A local user permitted to
>     access this device (/dev/efi_capsule_loader) could exploit this to
>     cause a denial of service (crash or memory corruption) or possibly
>     for privilege escalation. However, this device is normally only
>     accessible by the root user.
>
> CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
>
>     Soenke Huster discovered several vulnerabilities in the mac80211
>     subsystem triggered by WLAN frames which may result in denial of
>     service or the execution of arbitrary code.
>
> For the stable distribution (bullseye), these problems have been fixed in
> version 5.10.149-1.
>
> We recommend that you upgrade your linux packages.
>
> For the detailed security status of linux please refer to its security
> tracker page at:
> https://security-tracker.debian.org/tracker/linux
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
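A host check for the advisory above, as an added example that is not part of the forwarded message or of Debian's own tooling: it compares the running kernel's Debian package version with the fixed bullseye version 5.10.149-1 and reports two exposure conditions the advisory names (nf_conntrack_irc loaded, /dev/efi_capsule_loader present). The function names and the sample `uname -v` string in the comments are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: check a Debian bullseye host against DSA-5257-1.
FIXED="5.10.149-1"   # fixed version stated in the advisory (bullseye only)

# Extract the Debian package version from `uname -v` output.
# Constructed sample: "#1 SMP Debian 5.10.140-1 (2022-09-02)" -> "5.10.140-1"
kernel_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# Return 0 if version $1 is strictly older than version $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Fallback: GNU sort -V orders plain upstream-revision versions the same way.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Print "vulnerable", "fixed" or "unknown" for a given `uname -v` string.
dsa5257_status() {
    v=$(kernel_pkg_version "$1")
    [ -n "$v" ] || { echo unknown; return; }
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# Report the exposure conditions named in the advisory text.
exposure_report() {
    if grep -q '^nf_conntrack_irc ' /proc/modules 2>/dev/null; then
        echo "nf_conntrack_irc is loaded (CVE-2022-2663 is relevant)"
    fi
    dev=/dev/efi_capsule_loader
    if [ -e "$dev" ]; then
        echo "$dev present: $(stat -c '%A %U:%G' "$dev") (CVE-2022-40307)"
    fi
}

echo "running kernel: $(dsa5257_status "$(uname -v)")"
exposure_report
```

The check reads the running kernel, so a host that has installed 5.10.149-1 but has not rebooted still reports vulnerable.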