Executive Summary

Summary
Title linux security update
Informations
Name DSA-4484 First vendor Publication 2019-07-20
Vendor Debian Last vendor Modification 2019-07-20
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.

For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4.

For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904).

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Original Source

Url : http://www.debian.org/security/2019/dsa-4484

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
50 % CWE-269 Improper Privilege Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 92
Application 83
Application 85
Application 78
Application 103
Application 80
Application 81
Application 74
Application 97
Application 94
Application 98
Application 83
Application 91
Application 1
Application 1
Application 1
Application 1
Application 1
Hardware 7
Hardware 6
Os 6
Os 3
Os 1
Os