Debian Security Advisory DSA 4082-1 (linux - security update)

Published: 2018-01-08 23:00:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Affected Versions:
linux on Debian Linux

Recommendations:
For the oldstable distribution (jessie), these problems have been fixed in version 3.16.51-3+deb8u1. We recommend that you upgrade your linux packages. For the detailed security status of linux, please refer to its security tracker page linked in the references.

Summary:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-5754: Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is addressed in the Linux kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table Isolation, enforcing a near complete separation of the kernel and userspace address maps and preventing the attack. This solution might have a performance impact, and can be disabled at boot time by passing pti=off to the kernel command line.

Description truncated. Please see the references for more information.

Detection Method:
This check tests the installed package version using the apt package manager.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-1000407
https://nvd.nist.gov/vuln/detail/CVE-2017-1000410
https://nvd.nist.gov/vuln/detail/CVE-2017-15868
https://nvd.nist.gov/vuln/detail/CVE-2017-16538
https://nvd.nist.gov/vuln/detail/CVE-2017-16939
https://nvd.nist.gov/vuln/detail/CVE-2017-17448
https://nvd.nist.gov/vuln/detail/CVE-2017-17449
https://nvd.nist.gov/vuln/detail/CVE-2017-17450
https://nvd.nist.gov/vuln/detail/CVE-2017-17558
https://nvd.nist.gov/vuln/detail/CVE-2017-17741
https://nvd.nist.gov/vuln/detail/CVE-2017-17805
https://nvd.nist.gov/vuln/detail/CVE-2017-17806
https://nvd.nist.gov/vuln/detail/CVE-2017-17807
https://nvd.nist.gov/vuln/detail/CVE-2017-5754
https://nvd.nist.gov/vuln/detail/CVE-2017-8824

References:

https://www.debian.org/security/2018/dsa-4082.html
https://security-tracker.debian.org/tracker/linux

Severity:
High

CVSS Score:
7.2
