Debian Project’s Ben Hutchings reports on a new Linux kernel security update for the Debian GNU/Linux 9 “Stretch” operating system series that fixes several vulnerabilities discovered recently.
According to the latest DSA 4073-1 Debian Security Advisory, it would appear that a total of 18 security vulnerabilities ranging from information leaks, privilege escalation, and denial of service were fixed in the Linux 4.9 LTS kernel of the Debian GNU/Linux 9 “Stretch” operating system.
Issues have been found in Linux kernel’s DCCP implementation, the dvb-usb-lmedm04 media driver, the hdpvr media driver, the Extended BPF verifier, the netfilter subsystem, the netlink subsystem, the xt_osf module, the USB core, and the IPv4 raw socket implementation.
In addition, Linux kernel’s HMAC implementation, KEYS subsystem, KVM implementation for Intel processors, Bluetooth subsystem, and the Extended BPF verifier were also affected in some way. Debian Project recommends disabling use of the Extended BPF verifier for unprivileged users (sysctl kernel.unprivileged_bpf_disabled=1).
For more details check out CVE-2017-8824, CVE-2017-16538, CVE-2017-16644, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17712, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-1000407, and CVE-2017-1000410.
“Debian disables unprivileged user namespaces by default, but if they are enabled (via the kernel.unprivileged_userns_clone sysctl) then CVE-2017-17448 can be exploited by any local user,” reads the security advisory. “We recommend that you upgrade your linux packages.”
Users are urged to update their system immediately
Users are urged to update their Debian GNU/Linux 9 “Stretch” installations running Linux kernel 4.9 LTS as soon as possible to version 4.9.65-3+deb9u1 in order to fix all these problems. Please keep in mind to reboot your computers after installing the new kernel update.
Debian GNU/Linux 9 “Stretch” is the latest stable series of the Debian GNU/Linux operating system. The newest point release, Debian GNU/Linux 9.3, was announced earlier this month along with Debian GNU/Linux 8.10 “Jessie.” If you want to install it, you can download the ISO images right now from our website.