Debian 9 fixes 18 critical security vulnerabilities in Linux 4.9 LTS kernel
The Debian project recently released a new Linux kernel security update for the Debian GNU/Linux 9 “Stretch” family of operating systems that fixes several recently discovered vulnerabilities.
According to the latest Debian Security Advisory, DSA 4073-1, there are 18 security vulnerabilities in the Linux 4.9 LTS kernel on the Debian GNU/Linux 9 “Stretch” operating system, including issues such as information disclosure, privilege escalation, and denial of service.
The advisory shows that the Linux kernel's DCCP implementation, the dvb-usb-lmedm04 driver, the hdpvr media driver, the extended BPF verifier, the Netfilter subsystem, the Netlink subsystem, the xt_osf module, the USB core, and the IPv4 raw socket implementation have problems. In addition, the kernel's HMAC implementation, the KEYS subsystem, the KVM implementation for Intel processors, the Bluetooth subsystem, and the extended BPF verifier are also affected to some degree. The Debian project suggests preventing unprivileged users from using extended BPF (sysctl kernel.unprivileged_bpf_disabled=1).
For more details, see CVE-2017-8824, CVE-2017-16538, CVE-2017-16644, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17712, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-1000407 and CVE-2017-1000410.
Debian disables unprivileged user namespaces by default, but if enabled (via kernel.unprivileged_userns_clone sysctl) then CVE-2017-17448 can be leveraged by any local user, so it is recommended to upgrade the Linux package.
Users are advised to update their systems immediately
To address all of these issues, Debian urges users to update Debian GNU/Linux 9 “Stretch” installations running the Linux 4.9 LTS kernel to version 4.9.65-3+deb9u1 as soon as possible and to restart the computer after installing the new kernel update.
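The following script is an added example, not part of the advisory or the original article. It audits a host against the two sysctl settings and the fixed version mentioned above, and it reads the version from the running kernel (`uname -v`) rather than the installed package, so a host that was upgraded but not yet restarted is still reported as outdated. The function names are hypothetical, and the version comparison assumes `dpkg` is available.

```shell
#!/bin/sh
# Added example: audit a Debian 9 host against the mitigations in the article.
FIXED_VERSION='4.9.65-3+deb9u1'   # fixed kernel version named in the article

# Print a sysctl's value from /proc/sys, or "absent" if the kernel lacks it.
read_sysctl() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    cat "$path" 2>/dev/null || echo absent
}

# kernel.unprivileged_bpf_disabled: 0 leaves bpf() open to unprivileged users.
bpf_status() {
    case "$1" in
        0) echo exposed ;;
        1|2) echo ok ;;          # 2 exists only on newer kernels
        *) echo unknown ;;
    esac
}

# kernel.unprivileged_userns_clone (Debian-specific): 1 enables user
# namespaces for unprivileged users.
userns_status() {
    case "$1" in
        0) echo ok ;;
        1) echo exposed ;;
        *) echo unknown ;;       # knob absent, e.g. a non-Debian kernel
    esac
}

# Extract the Debian package version from `uname -v` output; empty if none.
running_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# Compare a version to the fixed one using dpkg's own ordering rules.
kernel_status() {
    [ -n "$1" ] || { echo unknown; return 0; }
    command -v dpkg >/dev/null 2>&1 || { echo unknown; return 0; }
    if dpkg --compare-versions "$1" ge "$FIXED_VERSION"; then echo ok; else echo outdated; fi
}

audit_host() {
    echo "unprivileged_bpf_disabled: $(bpf_status "$(read_sysctl kernel.unprivileged_bpf_disabled)")"
    echo "unprivileged_userns_clone: $(userns_status "$(read_sysctl kernel.unprivileged_userns_clone)")"
    echo "running kernel vs $FIXED_VERSION: $(kernel_status "$(running_version "$(uname -v)")")"
}

audit_host
```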
Debian GNU/Linux 9 “Stretch” is the latest stable release of the Debian GNU/Linux operating system. Earlier this month, Debian GNU/Linux 9.3 was released together with Debian GNU/Linux 8.10 “Jessie.” If you want to install this version, you can download the ISO image from the relevant channel.
Source: Softpedia