Univention Bugzilla – Bug 53606
linux: Multiple issues (5.0)
Last modified: 2021-07-28 19:17:59 CEST
New Debian linux 4.19.194-3 fixes: This update addresses the following issues: * DoS by triggering destruction of a large SEV VM (CVE-2020-36311) * race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) * size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * allows local users to obtain sensitive information from stack memory because of uninitialized data structure in net/can/bcm.c (CVE-2021-34693)
--- mirror/ftp/pool/main/l/linux/linux_4.19.194-1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/linux_4.19.194-3.dsc @@ -1,3 +1,16 @@ +4.19.194-3 [Sun, 18 Jul 2021 08:52:00 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy + (CVE-2020-36311) + * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) + * can: bcm: delay release of struct bcm_op after synchronize_rcu() + (CVE-2021-3609) + * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) + +4.19.194-2 [Mon, 21 Jun 2021 10:46:20 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) + 4.19.194-1 [Thu, 10 Jun 2021 20:49:34 +0200] Salvatore Bonaccorso <carnil@debian.org>: * New upstream stable update: <http://piuparts.knut.univention.de/5.0-0/#7329167776236306682>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] d70293d717 Bug #53606: linux 4.19.194-3 doc/errata/staging/linux.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x55>
<https://errata.software-univention.de/#/?erratum=5.0x59>