Linux Security Update ( Bookworm )

The Debian Project News and Announcements curated from official Debian news and rss feeds.

All information here is for reading only, please do not reply to threads in this forum.

#1 Post by Fossy »

-------------------------------------------------------------------------
Debian Security Advisory DSA-5593-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 01, 2024                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2023-6531 CVE-2023-6622 CVE-2023-6817 CVE-2023-6931
                 CVE-2023-51779 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-6531

Jann Horn discovered a use-after-free flaw due to a race condition
problem when the unix garbage collector's deletion of a SKB races
with unix_stream_read_generic() on the socket that the SKB is
queued on.

CVE-2023-6622

Xingyuan Mo discovered a flaw in the netfilter subsystem which may
result in denial of service or privilege escalation for a user with
the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6817

Xingyuan Mo discovered that a use-after-free in Netfilter's
implementation of PIPAPO (PIle PAcket POlicies) may result in denial
of service or potential local privilege escalation for a user with
the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6931

Budimir Markovic reported a heap out-of-bounds write vulnerability
in the Linux kernel's Performance Events system which may result in
denial of service or privilege escalation.

CVE-2023-51779

It was discovered that a race condition in the Bluetooth subsystem
in the bt_sock_ioctl handling may lead to a use-after-free.

CVE-2023-51780

It was discovered that a race condition in the ATM (Asynchronous
Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

It was discovered that a race condition in the Appletalk subsystem
may lead to a use-after-free.

CVE-2023-51782

It was discovered that a race condition in the Amateur Radio X.25
PLP (Rose) support may lead to a use-after-free.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.69-1.

We recommend that you upgrade your linux packages.


For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/
