-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Jun 2020 18:20:21 +0100 Binary: linux-doc-4.9 linux-headers-4.9.0-0.bpo.12-common linux-headers-4.9.0-0.bpo.12-common-rt linux-manual-4.9 linux-source-4.9 linux-support-4.9.0-0.bpo.12 Source: linux-4.9 Architecture: all source Version: 4.9.210-1+deb9u1~deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Ben Hutchings <benh@debian.org> Closes: 952660 Description: linux-doc-4.9 - Linux kernel specific documentation for version 4.9 linux-headers-4.9.0-0.bpo.12-common - Common header files for Linux 4.9.0-0.bpo.12 linux-headers-4.9.0-0.bpo.12-common-rt - Common header files for Linux 4.9.0-0.bpo.12-rt linux-manual-4.9 - Linux kernel API manual pages for version 4.9 linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches linux-support-4.9.0-0.bpo.12 - Support files for Linux 4.9 Changes: linux-4.9 (4.9.210-1+deb9u1~deb8u1) jessie-security; urgency=medium . * Backport to jessie; no further changes required . linux (4.9.210-1+deb9u1) stretch-security; urgency=high . [ Salvatore Bonaccorso ] * selinux: properly handle multiple messages in selinux_netlink_send() (CVE-2020-10751) * fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114) * USB: core: Fix free-while-in-use bug in the USB S-Glibrary (CVE-2020-12464) * scsi: sg: add sg_remove_request in sg_common_write * scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770) * USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143) * netlabel: cope with NULL catmap (CVE-2020-10711) * fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (CVE-2020-10732) * kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462) * mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757) . [ Ben Hutchings ] * [arm64] Enforce BBM for huge IO/VMAP mappings (CVE-2019-2182): - arm64: mm: BUG on unsupported manipulations of live kernel mappings - arm64: don't open code page table entry creation - arm64: mm: Change page table pointer name in p[md]_set_huge() - arm64: Enforce BBM for huge IO/VMAP mappings - arm64: Make sure permission updates happen for pmd/pud * cfg80211/mac80211: make ieee80211_send_layer2_update a public function * mac80211: Do not send Layer 2 Update frame before authorization (CVE-2019-5108) * ext4: Fix various bugs: - ext4: Make checks for metadata_csum feature safer - ext4: avoid declaring fs inconsistent due to invalid file handles - ext4: protect journal inode's blocks using block_validity (CVE-2019-19319) - ext4: unsigned int compared against zero - ext4: fix block validity checks for journal inodes using indirect blocks - ext4: don't perform block validity checks on the journal inode - ext4: add cond_resched() to ext4_protect_reserved_inode (CVE-2020-8992) * blktrace: Fix various locking issues: - blktrace: Fix potential deadlock between delete & sysfs ops - blktrace: fix unlocked access to init/start-stop/teardown - blktrace: fix trace mutex deadlock - blktrace: Protect q->blk_trace with RCU (CVE-2019-19768) - blktrace: fix dereference after null check * media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (CVE-2019-20806) * [x86] KVM: nVMX: Fix incorrect instruction emulation (CVE-2020-2732): - KVM: x86: emulate RDPID - KVM: nVMX: Don't emulate instructions in guest mode - KVM: nVMX: Refactor IO bitmap checks into helper function - KVM: nVMX: Check IO instruction VM-exit conditions * vfs: do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428) * vfs: fix do_last() regression * vgacon: Fix a UAF in vgacon_invert_region (CVE-2020-8647, CVE-2020-8649) * locking/atomic, kref: Add kref_read() * vt: Fix various bugs: - vt: selection, handle pending signals in paste_selection - VT_RESIZEX: get rid of field-by-field copyin - vt: vt_ioctl: fix race in VT_RESIZEX - vt: selection, close sel_buffer race (CVE-2020-8648) - vt: selection, push console lock down - vt: selection, push sel_lock up - vt: selection, introduce vc_is_sel - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines - vt: switch vt_dont_switch to bool - vt: vt_ioctl: remove unnecessary console allocation checks - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual - vt: vt_ioctl: fix use-after-free in vt_in_use() * floppy: check FDC index for errors before assigning it (CVE-2020-9383) * vhost: Check docket sk_family instead of call getname (CVE-2020-10942) * slip, slcan: Fix various bugs: - can, slip: Protect tty->disc_data in write_wakeup and close - slcan: not call free_netdev before rtnl_unlock in slcan_open - slcan: Fix double-free on slcan_open() error path - slcan: Don't transmit uninitialized stack data in padding (CVE-2020-11494) - slip: stop double free sl->dev in slip_open - slip: not call free_netdev before rtnl_unlock in slip_open - slip: make slhc_compress() more robust against malicious * mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565) * media: usb: Fix several descriptor checks: - media: ov519: add missing endpoint sanity checks (CVE-2020-11608) - media: stv06xx: add missing descriptor sanity checks (CVE-2020-11609) - media: xirlink_cit: add missing descriptor sanity checks (CVE-2020-11668) * scsi: mptfusion: Fix double fetch bug in ioctl (CVE-2020-12652) * mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (CVE-2020-12653) * mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (CVE-2020-12654) * macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (Closes: #952660) * block: Avoid ABI change for blktrace locking * net-sysfs: Fix reference counting bugs: - net: don't decrement kobj reference count on init failure - net-sysfs: call dev_hold if kobject_init_and_add success (CVE-2019-20811) - net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject - net-sysfs: fix netdev_queue_add_kobject() breakage - net-sysfs: Call dev_hold always in netdev_queue_add_kobject - net-sysfs: Call dev_hold always in rx_queue_add_kobject * propagate_one(): mnt_set_mountpoint() needs mount_lock * [x86] Add support for mitigation of Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543): - x86/cpu: Add 'table' argument to cpu_matches() - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation - x86/speculation: Add SRBDS vulnerability and mitigation documentation - x86/speculation: Add Ivy Bridge to affected list * [x86] speculation: Do not match steppings, to avoid an ABI change * random: always use batched entropy for get_random_u{32,64} * [rt] Refresh "random: avoid preempt_disable()ed section" Checksums-Sha1: 7ed22bcf727f721987985128aea249c4e364b44d 15751 linux-4.9_4.9.210-1+deb9u1~deb8u1.dsc 3bcd4922369b83889ce615ae1c03aca0c3933c55 2100936 linux-4.9_4.9.210-1+deb9u1~deb8u1.debian.tar.xz dd6c3365a541fd8fba2679385313ed6a715866ba 7749982 linux-headers-4.9.0-0.bpo.12-common_4.9.210-1+deb9u1~deb8u1_all.deb 47e25e474eaaa3952c4892dbaa9ebd167fdee61d 5806962 linux-headers-4.9.0-0.bpo.12-common-rt_4.9.210-1+deb9u1~deb8u1_all.deb 501c540a317dd953afec60c3253ed0c56c77006d 746004 linux-support-4.9.0-0.bpo.12_4.9.210-1+deb9u1~deb8u1_all.deb a31534b18ccf48381e61bf906388319554af5e18 11498188 linux-doc-4.9_4.9.210-1+deb9u1~deb8u1_all.deb 2b0a0ab75b5f56afbc69d929dad61ca6da4e482d 3298118 linux-manual-4.9_4.9.210-1+deb9u1~deb8u1_all.deb 33ad9ccf612d936d534740f0187f89b5dabb97b2 96988286 linux-source-4.9_4.9.210-1+deb9u1~deb8u1_all.deb Checksums-Sha256: 1e3b9fd7e0d69046ddafb43a0d49c794d4ee62e5c5605722501f721b436c36b3 15751 linux-4.9_4.9.210-1+deb9u1~deb8u1.dsc 1a6785147c383c71c15503546aebbed917eb2af0e447da255c26358d014b229e 2100936 linux-4.9_4.9.210-1+deb9u1~deb8u1.debian.tar.xz 640b386abd2953310766a36a5bad956e8839d264b26c3840feb50e0b9fd569d2 7749982 linux-headers-4.9.0-0.bpo.12-common_4.9.210-1+deb9u1~deb8u1_all.deb 04e576cf6a7fec9ede25d30dc5a5b788a9bceedf840fc12411d3ded877ecc950 5806962 linux-headers-4.9.0-0.bpo.12-common-rt_4.9.210-1+deb9u1~deb8u1_all.deb 42d30c5a0c0a440e15490e42a955bab51c62eba72c099cf29f93617371e84df0 746004 linux-support-4.9.0-0.bpo.12_4.9.210-1+deb9u1~deb8u1_all.deb a417217c71bedae2c99ba09a4b43357e5fe63f2ccbe674e06257e6194dbba0eb 11498188 linux-doc-4.9_4.9.210-1+deb9u1~deb8u1_all.deb c6fa6ad6d45d065ec12fe7d87e13969235e31af4418b113c0d5b0fb330fc4079 3298118 linux-manual-4.9_4.9.210-1+deb9u1~deb8u1_all.deb c9a2ad764097688fcaf6b5d122b87b7b77fd1e82eb208f963dd46111356080cc 96988286 linux-source-4.9_4.9.210-1+deb9u1~deb8u1_all.deb Files: aa10eab04fa590a1d83e058577757759 15751 kernel optional linux-4.9_4.9.210-1+deb9u1~deb8u1.dsc 1ca81ef3861e8f1d5c909c8583ffdf3a 2100936 kernel optional linux-4.9_4.9.210-1+deb9u1~deb8u1.debian.tar.xz fc88f70caa98de3f9d89c5fa4b55fe3a 7749982 kernel optional linux-headers-4.9.0-0.bpo.12-common_4.9.210-1+deb9u1~deb8u1_all.deb e30d1eaee582390ecc1dbab4228785ad 5806962 kernel optional linux-headers-4.9.0-0.bpo.12-common-rt_4.9.210-1+deb9u1~deb8u1_all.deb 9e2d404f9f87badfa95bda92d761979d 746004 devel optional linux-support-4.9.0-0.bpo.12_4.9.210-1+deb9u1~deb8u1_all.deb bd5462cfe1b9f063911a694fad833883 11498188 doc optional linux-doc-4.9_4.9.210-1+deb9u1~deb8u1_all.deb 07d28a630e19cc005168aa2c44a1f7b2 3298118 doc optional linux-manual-4.9_4.9.210-1+deb9u1~deb8u1_all.deb 8035fbdaeb69bb57420a7bc217e721d9 96988286 kernel optional linux-source-4.9_4.9.210-1+deb9u1~deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl7gA3wACgkQ57/I7JWG EQkcsQ//cAt2waEIb8SZ+eMn2fwPu07LQGznWDQVGiMtxHSzmEfpc/7vZ+xG5meq qdCMLm+RbbscPQ4F3daf9d9CJub8AIrXrqmFb3v2My/ADsD53HQqWP6IO+z27rIl vq3lvNMc04uFfCccdn/aWMEL7fFqv7l21/ZLW7cyov7dz/PnLacKbVSvupXJosxP wN2h3c9FWbwaXYyA8JnZ+xzQZAZjjfBVgi1iddPWhjgzZEePJU+U02mPyr8i/H4p q/h/jGXqkHDRDounsuF246WX1b1sB3Wzp6QhYuR0qmZ2sLAIuFrq/E1a+8yD0dQg 2662BPnZ50VnfBh+L2tO5pgEtNqNs/d1zqRs2yz7gb63pLutKdXUnFffgfPTaoXI kGX23Ag2GkgxDP0DnNEeWz1cgob4NOrKfUK8Pk1vxmbeWpQH8ujwLQixtn73V7i1 R/rlTKriYnj7Hnl66saCbYrZo4o8G77h6vO7dnX5zgBAkSFE4nBvSPxyW2tpPnZU GJ3GfGUT6YizzHdEfAKeb+hyyM4kLUND+QYnAwszCasG67Emv8GYJUjnwEeg7iOn Yh96a1tJ56TY8eWbbQQnXHTa6ZH1rBOPZ5JGu4zp9L8L8yNEVuBGYoe+PQDaaUcH LHdbQGqwjiJNbpXhwBPwnqaXKfTFYVBnkQ6LHjqkT9/6StmLll4= =I3Kk -----END PGP SIGNATURE-----