The first Linux kernel security update for the recently released Debian GNU/Linux 10 “Buster” operating system series is now available to address a local privilege escalation flaw.
Released earlier this month, the latest Debian GNU/Linux 10 “Buster” operating system just got its first Linux kernel security update, which addresses a security flaw (CVE-2019-13272) discovered by Google Project Zero’s Jann Horn in the Linux kernel’s ptrace subsystem, which could let a local user obtain root privileges.
“Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios,” reads the security advisory published by Salvatore Bonaccorso last week.
The issue also appears to affect the older Debian GNU/Linux 9 “Stretch” and Debian GNU/Linux 8 “Jessie” operating system series, but the Debian Project released kernel security patches for all supported versions. Therefore, users are urged to update their installations to the new kernel versions as soon as possible.
All Debian users are urged to update their systems
If you’re using any of the supported Debian GNU/Linux operating system releases on your computers, you are urged to update them as soon as possible to the new kernel versions, namely 4.19.37-5+deb10u1 on Debian GNU/Linux 10 “Buster”, 4.9.168-1+deb9u4 on Debian GNU/Linux 9 “Stretch” and 3.16.70-1+deb8u1 on Debian GNU/Linux 8 “Jessie.”
Note that the Linux kernel security update for Debian GNU/Linux 10 “Buster” also includes a patch for a regression introduced by the original fix for the CVE-2019-11478 vulnerability in the TCP retransmission queue implementation. The Debian Project recommends that all users update their installations immediately to fix these issues.