Debian LTS Advisory ([SECURITY] [DLA 1531-1] linux-4.9 security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial of service (memory consumption). CVE-2018-6555 A flaw was discovered in the irda_setsockopt function in the irda subsystem, allowing a local user to cause a denial of service (use-after-free and system crash). CVE-2018-7755 Brian Belleville discovered a flaw in the fd_locked_ioctl function in the floppy driver in the Linux kernel. The floppy driver copies a kernel pointer to user memory in response to the FDGETPRM ioctl. A local user with access to a floppy drive device can take advantage of this flaw to discover the location kernel code and data. Description truncated. Please see the references for more information.

linux-4.9 on Debian Linux

This check tests the installed software version using the apt package manager.

For Debian 8 'Jessie', these problems have been fixed in version 4.9.110-3+deb9u5~deb8u1. We recommend that you upgrade your linux-4.9 packages.