Executive Summary

Summary
Titlelinux security update
Informations
NameDSA-4484First vendor Publication2019-07-20
VendorDebianLast vendor Modification2019-07-20
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.

For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4.

For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904).

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Original Source

Url : http://www.debian.org/security/2019/dsa-4484

CWE : Common Weakness Enumeration

%idName
50 %CWE-400Uncontrolled Resource Consumption ('Resource Exhaustion')
50 %CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application44
Application45
Application45
Application45
Application45
Application45
Application45
Application45
Application44
Application45
Application45
Application45
Application44
Application2
Application1
Application1
Application1
Application1
Application1
Os6
Os3
Os1
Os2983
Os4
Os2
Os2
Os1

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-07-24 21:22:08
  • Multiple Updates
2019-07-20 17:18:31
  • First insertion