Hey, you two "old" GRUMPIDANTs :) the backstory on my side is that I got a bit owned through the wifi bug. Hence my quick reaction to this kernel upgrade.
I'm teasing with "grumpitant" (the backstory is that it's a contraction of "grumpy" and "stupidant" in American English - flattering, eh?), but the fact remains that there is a whole pile of CVEs, it seems to me, in this kernel update. And the activity on this list is so low. I'm asking this question a second time: how many subscribers are still on this old mailing list? Come on, no flamewars over my teasing words, please, it's a wink, just for laughs. See ya.

> On 19 Oct 2022 at 08:23, Concombre Masqué <p...@gnou.ch> wrote:
>
> Important enough to justify a fwd. to the GULL list.
>
>> Begin forwarded message:
>>
>> From: Salvatore Bonaccorso <car...@debian.org>
>> Subject: [SECURITY] [DSA 5257-1] linux security update
>> Date: 18 October 2022 at 23:06:43 UTC+2
>> To: debian-security-annou...@lists.debian.org
>> Resent-From: debian-security-annou...@lists.debian.org
>> Reply-To: debian-security-announce-requ...@lists.debian.org
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-5257-1                   secur...@debian.org
>> https://www.debian.org/security/                     Salvatore Bonaccorso
>> October 18, 2022                      https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>>
>> Package        : linux
>> CVE ID         : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
>>                  CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
>>                  CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
>>                  CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
>>                  CVE-2022-42722
>>
>> Several vulnerabilities have been discovered in the Linux kernel that
>> may lead to a privilege escalation, denial of service or information
>> leaks.
>>
>> CVE-2021-4037
>>
>>     Christian Brauner reported that the inode_init_owner function for
>>     the XFS filesystem in the Linux kernel allows local users to create
>>     files with an unintended group ownership allowing attackers to
>>     escalate privileges by making a plain file executable and SGID.
>>
>> CVE-2022-0171
>>
>>     Mingwei Zhang reported that a cache incoherence issue in the SEV API
>>     in the KVM subsystem may result in denial of service.
>>
>> CVE-2022-1184
>>
>>     A flaw was discovered in the ext4 filesystem driver which can lead
>>     to a use-after-free. A local user permitted to mount arbitrary
>>     filesystems could exploit this to cause a denial of service (crash
>>     or memory corruption) or possibly for privilege escalation.
>>
>> CVE-2022-2602
>>
>>     A race between handling an io_uring request and the Unix socket
>>     garbage collector was discovered. An attacker can take advantage of
>>     this flaw for local privilege escalation.
>>
>> CVE-2022-2663
>>
>>     David Leadbeater reported flaws in the nf_conntrack_irc
>>     connection-tracking protocol module. When this module is enabled
>>     on a firewall, an external user on the same IRC network as an
>>     internal user could exploit its lax parsing to open arbitrary TCP
>>     ports in the firewall, to reveal their public IP address, or to
>>     block their IRC connection at the firewall.
>>
>> CVE-2022-3061
>>
>>     A flaw was discovered in the i740 driver which may result in denial
>>     of service.
>>
>>     This driver is not enabled in Debian's official kernel
>>     configurations.
>>
>> CVE-2022-3176
>>
>>     A use-after-free flaw was discovered in the io_uring subsystem which
>>     may result in local privilege escalation to root.
>>
>> CVE-2022-3303
>>
>>     A race condition in the snd_pcm_oss_sync function in the sound
>>     subsystem in the Linux kernel due to improper locking may result in
>>     denial of service.
>>
>> CVE-2022-20421
>>
>>     A use-after-free vulnerability was discovered in the
>>     binder_inc_ref_for_node function in the Android binder driver. On
>>     systems where the binder driver is loaded, a local user could
>>     exploit this for privilege escalation.
>>
>> CVE-2022-39188
>>
>>     Jann Horn reported a race condition in the kernel's handling of
>>     unmapping of certain memory ranges. When a driver created a
>>     memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
>>     the memory mapping could be removed and freed before it was
>>     flushed from the CPU TLBs. This could result in a page use-after-
>>     free. A local user with access to such a device could exploit
>>     this to cause a denial of service (crash or memory corruption) or
>>     possibly for privilege escalation.
>>
>> CVE-2022-39842
>>
>>     An integer overflow was discovered in the pxa3xx-gcu video driver
>>     which could lead to a heap out-of-bounds write.
>>
>>     This driver is not enabled in Debian's official kernel
>>     configurations.
>>
>> CVE-2022-40307
>>
>>     A race condition was discovered in the EFI capsule-loader driver,
>>     which could lead to use-after-free. A local user permitted to
>>     access this device (/dev/efi_capsule_loader) could exploit this to
>>     cause a denial of service (crash or memory corruption) or possibly
>>     for privilege escalation. However, this device is normally only
>>     accessible by the root user.
>>
>> CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721,
>> CVE-2022-42722
>>
>>     Soenke Huster discovered several vulnerabilities in the mac80211
>>     subsystem triggered by WLAN frames which may result in denial of
>>     service or the execution of arbitrary code.
>>
>> For the stable distribution (bullseye), these problems have been fixed in
>> version 5.10.149-1.
>>
>> We recommend that you upgrade your linux packages.
>>
>> For the detailed security status of linux please refer to its security
>> tracker page at:
>> https://security-tracker.debian.org/tracker/linux
>>
>> Further information about Debian Security Advisories, how to apply
>> these updates to your system and frequently asked questions can be
>> found at: https://www.debian.org/security/
>>
>> Mailing list: debian-security-annou...@lists.debian.org
_______________________________________________
gull mailing list
gull@forum.linux-gull.ch
https://forum.linux-gull.ch/mailman/listinfo/gull
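
Added example (not part of the original message or of the Debian advisory): a small triage script that reads the package version Debian embeds in `uname -v`, compares it with the fixed version 5.10.149-1 named in the advisory, and lists the advisory's module-dependent CVEs for modules found in `/proc/modules`. It checks the running kernel, so a host that has installed the update but not rebooted still reports as unpatched. The sample inputs are constructed, the version comparison is a simplification of dpkg's ordering, and treating a loaded `mac80211` module as "subsystem in use" is an assumption.

```python
import os
import re

FIXED = "5.10.149-1"  # fixed bullseye version stated in DSA-5257-1

# Modules whose presence the advisory ties to specific CVEs.
# Assumption: a loaded mac80211 module means the mac80211 subsystem is in use.
MODULE_CVES = {
    "nf_conntrack_irc": ["CVE-2022-2663"],
    "mac80211": ["CVE-2022-41674", "CVE-2022-42719", "CVE-2022-42720",
                 "CVE-2022-42721", "CVE-2022-42722"],
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_UNAME_V = "#1 SMP Debian 5.10.140-1 (2022-09-02)"
SAMPLE_MODULES = """\
mac80211 987136 1 iwlmvm, Live 0x0000000000000000
nf_conntrack 176128 2 nf_nat,xt_conntrack, Live 0x0000000000000000
"""

def running_package_version(uname_v):
    """Extract the Debian package version from `uname -v` output, or None."""
    m = re.search(r"\bDebian (\d\S*)", uname_v)
    return m.group(1) if m else None

def version_key(version):
    """Simplified ordering for bullseye kernel versions such as 5.10.149-1.
    Not the full dpkg algorithm: only the numeric parts are compared."""
    upstream, _, revision = version.rpartition("-")
    rev = re.match(r"\d+", revision)
    return (tuple(int(n) for n in re.findall(r"\d+", upstream)),
            int(rev.group()) if rev else 0)

def triage(uname_v, proc_modules):
    """Report whether the running kernel predates the fix and which of the
    advisory's module-dependent CVEs are reachable through loaded modules."""
    running = running_package_version(uname_v)
    patched = None if running is None else version_key(running) >= version_key(FIXED)
    loaded = {line.split()[0] for line in proc_modules.splitlines() if line.strip()}
    exposed = [] if patched else sorted(
        cve for mod, cves in MODULE_CVES.items() if mod in loaded for cve in cves)
    return {"running": running, "patched": patched, "exposed": exposed}

if __name__ == "__main__":
    with open("/proc/modules") as fh:
        print(triage(os.uname().version, fh.read()))
```

A `patched` value of `None` means the version string did not look like a Debian kernel build, so the result should be treated as unknown rather than safe.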