Debian fixes 5 vulnerabilities in the Buster and Stretch kernel


As yesterday's LibreOffice 6.2.7 and Firefox 69.0.1 updates showed, all software that exists, or ever will exist, has bugs. Many are small problems that make the software somewhat annoying to use, such as the touchpad issue in LibreOffice that is fixed in v6.3.0 of the office suite, but others are security flaws or vulnerabilities, like the ones Debian fixed a few hours ago.

To be more specific, the Debian Project has fixed a total of 5 vulnerabilities that affected the last two versions of its operating system, that is, Debian 10 Buster and Debian 9 Stretch. The worst part is not the number of vulnerabilities fixed, which is relatively low considering that we have covered batches of up to a hundred here, but that three of them are of high severity and two of them of medium severity.

Debian Buster and Stretch had 5 vulnerabilities that they have already fixed

The 5 security flaws that have been corrected are the following:

  • CVE-2019-15902: a bug that reintroduced a Spectre V1 vulnerability in the ptrace subsystem of the Linux kernel and could be exploited remotely. Severity: high.
  • CVE-2019-14821: a local attacker with access to /dev/kvm could escalate privileges and corrupt memory or crash the system. Severity: medium. Requires local access.
  • CVE-2019-15117: present in the usb-audio driver, it could allow an attacker able to add USB devices to crash the system. Severity: medium. Requires local access.
  • CVE-2019-14835: a bug in the vhost_net network backend driver for KVM hosts that could allow an attacker controlling a virtual machine to cause memory corruption or crash the system, as well as escalate privileges on the host system. Severity: high. Requires local access.
  • CVE-2019-15118: also present in the usb-audio driver, it could allow an attacker able to add USB devices to escalate privileges and cause denial of service (DoS), system hangs or memory corruption. Severity: medium. Requires local access.

The new kernel versions are 4.19.67-2+deb10u1 for Debian 10 and 4.9.189-3+deb9u1 for Debian 9. For the changes to take effect, the operating system must be restarted.

