[SECURITY] [DSA 5051-1] aide security update

2022-01-20 Thread Salvatore Bonaccorso 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-5051-1   secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 20, 2022  https://www.debian.org/security/faq
- -

Package: aide
CVE ID : CVE-2021-45417

David Bouman discovered a heap-based buffer overflow vulnerability in
the base64 functions of aide, an advanced intrusion detection system,
which can be triggered via large extended file attributes or ACLs. This
may result in denial of service or privilege escalation.

For the oldstable distribution (buster), this problem has been fixed
in version 0.16.1-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 0.17.3-4+deb11u1.

We recommend that you upgrade your aide packages.

For the detailed security status of aide please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/aide

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHpqF1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0R6uxAAohkCxTNn/+/sf9ywHCqNq0fcygIsqFvY1K9pvXu9goQHei088JyYtcf7
XiUZIqz1EQWlu02lAJmUlOk1VOpe/A9n39jSC9CghWyhAI1WLArM2vM+XV22MRDB
mXB1ncaQsOT/9wpcPHx1P2m7esRZ50LWKF1fllF0aufF/LLrqihfKapuWXa1CG8t
DVd8yLfnoNvtj4LMvPpziyrwPBeVFlFT2n3NGa5MtpUBmf6y2n+N85wm5I1n1NQf
cuHJ6BryLTSZAxT9VJaTetoErxVK3QhWh2jmP6AEKCUn5KsX1pX6NWhpa5eMhBF0
86b+rQaLAbCj6Qdm/pEPCgGCq/EzzMt6rztF68BDmkoVNR2reA4PCQy7KwWUq0o1
HUPaAhbJDAr46iG/45/NuVPA/5Z//VZOsUqBMyIhWQR/EwM3HczVNMmyTrTZaZAA
aiePsIzqqECkGZMquFRTPpe8wLKAfckYq3rkCnXx35SWWSiG+UGJA/rVV7R73gm3
FdlaCap7RGE7OiDAU8YPrUgvnht+6hJjnpUVtoP66WSzURk5Gx6L5Kd8eM/4265k
Tu8qI9FzfR5XDhqgHPB0siImGKq6iedngo/NJundUPQ6+NQpKTmkJ/yPZ+wDaO6U
k5UH+wknjv6/nzJM6KxyvECiYtKylzSrPynoimGvt/DedY+35cs=
=yndN
-END PGP SIGNATURE-

[SECURITY] [DSA 5050-1] linux security update

2022-01-20 Thread Salvatore Bonaccorso 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-5050-1   secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 20, 2022  https://www.debian.org/security/faq
- -

Package: linux
CVE ID : CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713
 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095
 CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222
Debian Bug : 988044 996974

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2021-4155

Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
IOCTL in the XFS filesystem allowed for a size increase of files
with unaligned size. A local attacker can take advantage of this
flaw to leak data on the XFS filesystem.

CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)

Juergen Gross reported that malicious PV backends can cause a denial
of service to guests being serviced by those backends via high
frequency events, even if those backends are running in a less
privileged environment.

CVE-2021-28714, CVE-2021-28715 (XSA-392)

Juergen Gross discovered that Xen guests can force the Linux
netback driver to hog large amounts of kernel memory, resulting in
denial of service.

CVE-2021-39685

Szymon Heidrich discovered a buffer overflow vulnerability in the
USB gadget subsystem, resulting in information disclosure, denial of
service or privilege escalation.

CVE-2021-45095

It was discovered that the Phone Network protocol (PhoNet) driver
has a reference count leak in the pep_sock_accept() function.

CVE-2021-45469

Wenqing Liu reported an out-of-bounds memory access in the f2fs
implementation if an inode has an invalid last xattr entry. An
attacker able to mount a specially crafted image can take advantage
of this flaw for denial of service.

CVE-2021-45480

A memory leak flaw was discovered in the __rds_conn_create()
function in the RDS (Reliable Datagram Sockets) protocol subsystem.

CVE-2022-0185

William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje
Misetic and Philip Papurt discovered a heap-based buffer overflow
flaw in the legacy_parse_param function in the Filesystem Context
functionality, allowing an local user (with CAP_SYS_ADMIN capability
in the current namespace) to escalate privileges.

CVE-2022-23222

'tr3e' discovered that the BPF verifier does not properly restrict
several *_OR_NULL pointer types allowing these types to do pointer
arithmetic. A local user with the ability to call bpf(), can take
advantage of this flaw to excalate privileges. Unprivileged calls to
bpf() are disabled by default in Debian, mitigating this flaw.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.92-1. This version includes changes which were aimed to
land in the next Debian bullseye point release.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHpj+RfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T3pg/+O3hQq7q+8FQ70/0kCWXk1tfmjkBJHVQENcy3qLjaQEL6bFX/mCh799QL
G+NtbCiA1+x/eVbXpzqhZeVXrf+5mn6hqKAfQJ9C74XYfEMt5KQiwZ4yMJrTOZkx
xXObcech/KORcUAUAjhKW/3bOS/n5gkTxi2Z1mJtVwgU1OdRkeQV/mB6V2nGWO4V
yg4tAfDUjgUIEl2w1qT4s4SaaoAMNcLJmjPUXwiLyhHNT6zGSWcKhd2U80avcdMx
9YMmOH8EfA7htOA2SJRUNfFUyRQAKJO3GUdBNAEwFzbswG/oohgcCjC6jaEVKBge
Ygzyvyx7m5eL3giJnTtR8A79bINXgT/KA6wDtQzZeQUFxUsOl3efEG3I8yFz57aL
ZHjYm/aklhrb2e+66HHLznwa7dg9Sc2bZ3NvYVrhX8bxMSq4q2RLzxg0FPoz7fas
f9YiZkn2hefilw+n8Of6zT7Ui9dXaR1o2JZaFDmUwvZN6MKnlySHu6AWUgjeT6T1
L2IZbuzmT4fquP0LiaKUd3fr9i4fF1fBNp7Kdv383wfNRJO/wP4cKTgv5WeDuEXy
rp9k5XR4Q6F9aU4InMq0KeqpZ1rWW5gBOJ3htFmNbzEebM3AQRM1MXd/1FLk8EzI
+MDOP6xf+fVMiW6dsx+4QpvG7yEIzmnbraNKFfzp8VxofW0SZGk=
=SlPI
-END PGP SIGNATURE-

[SECURITY] [DSA 5049-1] flatpak security update

2022-01-20 Thread Sebastien Delafond 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-5049-1   secur...@debian.org
https://www.debian.org/security/   Sebastien Delafond
January 20, 2022  https://www.debian.org/security/faq
- -

Package: flatpak
CVE ID : CVE-2021-43860 CVE-2022-21682

Several vulnerabilities were discovered in Flatpak, an application
deployment framework for desktop apps.

CVE-2021-43860

Ryan Gonzalez discovered that Flatpak didn't properly validate
that the permissions displayed to the user for an app at install
time match the actual permissions granted to the app at
runtime. Malicious apps could therefore grant themselves
permissions without the consent of the user.

CVE-2022-21682

Flatpak didn't always prevent a malicious flatpak-builder user
from writing to the local filesystem.

For the stable distribution (bullseye), these problems have been fixed
in version 1.10.7-0+deb11u1.

Please note that flatpak-builder also needed an update for
compatibility, and is now at version 1.0.12-1+deb11u1 in bullseye.

We recommend that you upgrade your flatpak and flatpak-builder
packages.

For the detailed security status of flatpak please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flatpak

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmHpgJoACgkQEL6Jg/PV
nWRyUQgAu1+LB+AIijfPxQvVTzAY2yjOGG1vycEOaPr2U1k5PA+zygYxvGDZzPqs
5cenbSA/aXacL4dwXlA7VJ+xgRi7ZgqEZN9qiO9cyt381RnIVTppkhpfJv0IEf0a
MywZjPp4LzSHD8v8oTfJFcXbjbOr9zEPCh8Yn4zcLShEeQYzMLQLO5yJLcLWqbf5
OV9zWlLFhEdb8tZFVMzpHk1WZBv2/Bp5v7nQXBWuDfBZXmorzLkq5epNgjkvi0Lc
uYGhJx620eALeCvimXlGc7O9yhvjMNfWf1niQ5hkBcii3uLpaCtcfBBYzg2jlbcl
V3yYN2wjXy3SvLKK13ZONM0QQxjW9Q==
=UXE7
-END PGP SIGNATURE-