Debian updates its kernel to fix bugs found in Buster, Stretch and Jessie

New kernel in Debian 10

Canonical releases many minor Ubuntu kernel updates to fix various security flaws. Many of these bugs appear in non-LTS versions of the kernel, and is that Canonical releases news at least twice every year, in April and October. The operating system on which it is based is more robust, in part because it introduces new features more slowly. But that does not mean that it is free from flaws and Debian launched yesterday new kernel versions for your operating system.

Debian 10 was released earlier this month and you have already received your first kernel security update. This is a bug discovered by Jann Horn of Google Project Zero, a security initiative of the search engine company that, honestly, I do not know if it is more famous for helping to find security flaws or for publishing them before the creators of the search engine. software in question have corrected the bug. In any case, the flaw discovered by Horn has been cataloged as high severity.

Debian 10 receives its first kernel security update

The bug that the new kernel version fixes is the CVE-2018-13272 and describes a security problem that «a local attacker could use to gain super user (root) access by taking advantage of certain scenarios with a parent-child process relationship, where the parent drops privileges and calls execve (potentially allowing an attacker control)«. Failure affects Buster, Stretch and Jessie.

The new kernel versions are 19.37-5 + deb10u1 in «Buster», 4.9.168-1 + deb9u4 in "Stretch" and 3.16.70-1 + deb8u1 Jessie. Debian version 10 also includes a patch for a regression introduced in the original patch for vulnerability CVE-2019-11478 in the implementation of the TCP retransmission queue. As we can expect on a critical severity bug, Debian Project recommends updating as soon as possible.


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published.

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.