The Debian Project has released, via updates, Linux kernel versions 4.9.110-1 and 3.16.57-2 for Debian 9 Stretch (Stable) and Debian 8 Jessie (OldStable), which add new features, fix bugs, and resolve security vulnerabilities.
--
These Linux kernel updates each include security patches for a number of security vulnerabilities, as listed below.
linux (4.9.110-1) stretch
* New upstream stable update: 4.9.108
- usbip: vhci_sysfs: fix potential Spectre v1 (CVE-2017-5753)
- [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (CVE-2018-10853)
- vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
* ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879)
* ext4: always verify the magic number in xattr blocks (CVE-2018-10879)
* ext4: always check block group bounds in ext4_init_block_bitmap() (CVE-2018-10878)
* ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (CVE-2018-10878)
* ext4: only look at the bg_flags field if it is valid (CVE-2018-10876)
* ext4: verify the depth of extent tree in ext4_find_extent() (CVE-2018-10877)
* ext4: clear i_data in ext4_inode_info when removing inline data (CVE-2018-10881)
* ext4: never move the system.data xattr out of the inode body (CVE-2018-10880)
* jbd2: don't mark block as modified if the handle is out of credits (CVE-2018-10883)
* ext4: avoid running out of journal credits when appending to an inline file (CVE-2018-10883)
* ext4: add more inode number paranoia checks (CVE-2018-10882)
* sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
* jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233)
* New upstream stable update: 4.9.89
- CIFS: Enable encryption during session setup phase (CVE-2018-1066)
- drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781)
- staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822)
- kvm/x86: fix icebp instruction handling (CVE-2018-1087)
- [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897)
- dccp: check sk for closed state in dccp_sendmsg() (CVE-2018-1130)
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (CVE-2018-1000199)
- media: usbtv: prevent double free in error case (CVE-2017-17975)
- net: hns: Fix ethtool private flags (CVE-2017-18222)
- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757)
- ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092)
- random: fix crng_ready() test (CVE-2018-1108)
- cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940)
- ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
- perf/core: Fix the perf_cpu_time_max_percent check (CVE-2018-18255)
- f2fs: fix a dead loop in f2fs_fiemap() (CVE-2018-18257)
- proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120)
- kernel/exit.c: avoid undefined behaviour when calling wait4() (CVE-2018-10087)
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (CVE-2018-5814)
- [x86] x86/process: Allow runtime control of Speculative Store Bypass (CVE-2018-3639)
- scsi: libsas: defer ata device eh commands to libata (CVE-2018-10021)
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (CVE-2018-1000204)
- kernel/signal.c: avoid undefined behaviour in kill_something_info (CVE-2018-10124)
- mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (CVE-2018-8087)
- fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). (CVE-2018-6412)
linux (3.16.57-2) jessie-security
* mmc/host: Ignore ABI changes (fixes FTBFS on armhf)
* New upstream stable update: 3.16.57
- cifs: empty TargetInfo leads to crash on recovery (CVE-2018-1066)
- ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
- dccp: check sk for closed state in dccp_sendmsg() (CVE-2018-1130)
- cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940)
- [x86] Update mitigation for Meltdown (CVE-2017-5754):
- [x86] Add support for microcode-based mitigation of Spectre v2 (CVE-2017-5715):
- posix-timers: Protect posix clock array access against speculation (CVE-2017-5753)
* [x86] fpu: Default eagerfpu if FPU and FXSR are enabled (CVE-2018-3665)
* usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (CVE-2018-5814)
* futex: Remove requirement for lock_page() in get_futex_key() (CVE-2018-9422)
* [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (CVE-2018-10853)
* sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
* jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233)
* scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (CVE-2018-1000204)
For the full list of changes, see the Changelog at the links below.
--
[Affected Linux kernels and updated versions]
□ Debian 9 Stretch (Stable)
※ Kernel 4.9 → updated to kernel 4.9.110-1
https://tracker.debian.org/media/packages/l/linux/changelog-4.9.110-1
※ Full support scheduled to end in 2020; long-term support (LTS) scheduled to end in June 2022
--
□ Debian 8 Jessie (OldStable) / Linux Mint Debian Edition (LMDE) 2 Betsy
※ Kernel 3.16 → updated to kernel 3.16.57-2
https://tracker.debian.org/media/packages/l/linux/changelog-3.16.57-2
※ Full support scheduled to end in June 2018; long-term support (LTS) scheduled to end in April 2020
--
□ Debian 7 Wheezy
※ Support ended on May 31, 2018
--
To find out your distribution and kernel version, enter the following command in a terminal.
$ lsb_release -a && uname -a
--
Debian and LMDE users should therefore enter the following command in a terminal to update to the latest version.
$ sudo apt-get update && sudo apt-get dist-upgrade -y && sudo apt-get autoremove --purge && sudo apt-get autoclean
Note that you must reboot at the end for the update to take effect.
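An added example (not part of the original post): a shell check to run after the reboot that confirms the running kernel is at or above the fixed package version this post lists for the release. The function names, the simplified version comparison and the sample `uname -v` strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Fixed package versions come from this post; everything else is illustrative.
fixed_version() {                      # $1 = Debian codename
    case "$1" in
        stretch) echo "4.9.110-1" ;;
        jessie)  echo "3.16.57-2" ;;
        *)       return 1 ;;
    esac
}

# Pull the package version out of `uname -v` output, e.g.
# "#1 SMP Debian 4.9.110-1 (2018-07-05)" -> "4.9.110-1"
running_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([0-9][^ ]*\).*/\1/p'
}

# version_ge A B: succeed when A >= B. Simplified numeric field-by-field
# comparison (assumption: no "~" in the versions); on a Debian host,
# `dpkg --compare-versions A ge B` is the authoritative comparator.
version_ge() {
    a=$(printf '%s' "$1" | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | tr -c '0-9' ' ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ "$#" -gt 0 ] && shift
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_kernel CODENAME UNAME_V: 0 = patched, 1 = below fixed version, 2 = unknown
check_kernel() {
    want=$(fixed_version "$1") || { echo "unknown release: $1"; return 2; }
    have=$(running_pkg_version "$2")
    [ -n "$have" ] || { echo "cannot parse kernel version: $2"; return 2; }
    if version_ge "$have" "$want"; then
        echo "OK: running $have (fixed in $want)"
    else
        echo "NOT PATCHED: running $have, need $want; update and reboot"
        return 1
    fi
}

# Constructed sample: a stretch host that installed the update but has not rebooted.
check_kernel stretch "#1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07)" || true
# On a live host: check_kernel "$(lsb_release -sc)" "$(uname -v)"
```

A non-zero result after `dist-upgrade` usually means the host is still running the old kernel image and has not been rebooted.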
--
Linux Mint Debian Edition (LMDE) 2 Betsy is a distribution derived from Debian 8 Jessie (OldStable).