SB2019072006 - Debian update for linux
Published: July 20, 2019 Updated: June 21, 2024
Security Bulletin ID: SB2019072006
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-13272)
The vulnerability allows a local user to perform unauthorized actions on a targeted system.
The vulnerability exists when recording the credentials of a process that will create a ptrace relationship in the "ptrace_link" function in the "kernel/ptrace.c" file. A local authenticated user can create a specially crafted application and escalate privileges on the system.
2) Resource exhaustion (CVE-ID: CVE-2019-11478)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing TCP Selective Acknowledgment (SACK) sequences within the Linux kernel TCP retransmission queue implementation in tcp_fragment. A remote non-authenticated attacker can send specially crafted network traffic to the affected system and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.