1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
#use wml::debian::translation-check translation="31a8c119aea5d07630c347cb815b6f825446e5aa" mindelta="-1"
# 주의: 불완전한 번역. 번역을 마친 다음 위의 'mindelta="-1"'을 지우십시오.
<define-tag description>보안 업데이트</define-tag>
<define-tag moreinfo>
<p>권한 상승, 서비스 거부 또는 정보유출을 이끌 수 있는 여러 취약점이 리눅스 커널에서 발견되었습니다.
</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8824">CVE-2017-8824</a>
<p>Mohamed Ghannam discovered that the DCCP implementation did not
correctly manage resources when a socket is disconnected and
reconnected, potentially leading to a use-after-free. A local
user could use this for denial of service (crash or data
corruption) or possibly for privilege escalation. On systems that
do not already have the dccp module loaded, this can be mitigated
by disabling it:
<code>echo >> /etc/modprobe.d/disable-dccp.conf install dccp false</code></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16538">CVE-2017-16538</a>
<p>Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
did not correctly handle some error conditions during
initialisation. A physically present user with a specially
designed USB device can use this to cause a denial of service
(crash).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16644">CVE-2017-16644</a>
<p>Andrey Konovalov reported that the hdpvr media driver did not
correctly handle some error conditions during initialisation. A
physically present user with a specially designed USB device can
use this to cause a denial of service (crash).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-16995">CVE-2017-16995</a>
<p>Jann Horn discovered that the Extended BPF verifier did not
correctly model the behaviour of 32-bit load instructions. A
local user can use this for privilege escalation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17448">CVE-2017-17448</a>
<p>Kevin Cernekee discovered that the netfilter subsystem allowed
users with the CAP_NET_ADMIN capability in any user namespace, not
just the root namespace, to enable and disable connection tracking
helpers. This could lead to denial of service, violation of
network security policy, or have other impact.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17449">CVE-2017-17449</a>
<p>Kevin Cernekee discovered that the netlink subsystem allowed
users with the CAP_NET_ADMIN capability in any user namespace
to monitor netlink traffic in all net namespaces, not just
those owned by that user namespace. This could lead to
exposure of sensitive information.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17450">CVE-2017-17450</a>
<p>Kevin Cernekee discovered that the xt_osf module allowed users
with the CAP_NET_ADMIN capability in any user namespace to modify
the global OS fingerprint list.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17558">CVE-2017-17558</a>
<p>Andrey Konovalov reported that that USB core did not correctly
handle some error conditions during initialisation. A physically
present user with a specially designed USB device can use this to
cause a denial of service (crash or memory corruption), or
possibly for privilege escalation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17712">CVE-2017-17712</a>
<p>Mohamed Ghannam discovered a race condition in the IPv4 raw socket
implementation. A local user could use this to obtain sensitive
information from the kernel.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17741">CVE-2017-17741</a>
<p>Dmitry Vyukov reported that the KVM implementation for x86 would
over-read data from memory when emulating an MMIO write if the
kvm_mmio tracepoint was enabled. A guest virtual machine might be
able to use this to cause a denial of service (crash).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17805">CVE-2017-17805</a>
<p>It was discovered that some implementations of the Salsa20 block
cipher did not correctly handle zero-length input. A local user
could use this to cause a denial of service (crash) or possibly
have other security impact.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17806">CVE-2017-17806</a>
<p>It was discovered that the HMAC implementation could be used with
an underlying hash algorithm that requires a key, which was not
intended. A local user could use this to cause a denial of
service (crash or memory corruption), or possibly for privilege
escalation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17807">CVE-2017-17807</a>
<p>Eric Biggers discovered that the KEYS subsystem lacked a check for
write permission when adding keys to a process's default keyring.
A local user could use this to cause a denial of service or to
obtain sensitive information.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17862">CVE-2017-17862</a>
<p>Alexei Starovoitov discovered that the Extended BPF verifier
ignored unreachable code, even though it would still be processed
by JIT compilers. This could possibly be used by local users for
denial of service. It also increases the severity of bugs in
determining unreachable code.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17863">CVE-2017-17863</a>
<p>Jann Horn discovered that the Extended BPF verifier did not
correctly model pointer arithmetic on the stack frame pointer.
A local user can use this for privilege escalation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-17864">CVE-2017-17864</a>
<p>Jann Horn discovered that the Extended BPF verifier could fail to
detect pointer leaks from conditional code. A local user could
use this to obtain sensitive information in order to exploit
other vulnerabilities.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000407">CVE-2017-1000407</a>
<p>Andrew Honig reported that the KVM implementation for Intel
processors allowed direct access to host I/O port 0x80, which
is not generally safe. On some systems this allows a guest
VM to cause a denial of service (crash) of the host.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000410">CVE-2017-1000410</a>
<p>Ben Seri reported that the Bluetooth subsystem did not correctly
handle short EFS information elements in L2CAP messages. An
attacker able to communicate over Bluetooth could use this to
obtain sensitive information from the kernel.</p></li>
</ul>
<p>The various problems in the Extended BPF verifier can be mitigated by
disabling use of Extended BPF by unprivileged users:
<code>sysctl kernel.unprivileged_bpf_disabled=1</code></p>
<p>Debian disables unprivileged user namespaces by default, but if they
are enabled (via the <code>kernel.unprivileged_userns_clone</code> sysctl) then
<a href="https://security-tracker.debian.org/tracker/CVE-2017-17448">\
CVE-2017-17448</a> can be exploited by any local user.</p>
<p>안정 배포판(stretch)를 위해, 이 문제는
버전 4.9.65-3+deb9u1에서 수정되었습니다.</p>
<p>리눅스 패키지를 업그레이드 할 것을 권고합니다.</p>
<p>리눅스의 자세한 보안 상태에 대해서는 아래 보안 추적 페이지를 참고하세요:
<a
href="https://security-tracker.debian.org/tracker/linux">https://security-tracker.debian.org/tracker/linux</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2017/dsa-4073.data"
|