Debian Security Advisory 5475-1 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[16] Download^[17]

        -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5475-1                   Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.debian.org/security/                     Salvatore Bonaccorso
August 11, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : linux
CVE ID         : CVE-2022-40982 CVE-2023-20569
CVE-2022-40982
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
vulnerability for Intel CPUs which allows unprivileged speculative
access to data which was previously stored in vector registers.
This mitigation requires updated CPU microcode provided in the
intel-microcode package.
For details please refer to
<https://downfall.page/> and
<https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.
CVE-2023-20569
Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered
INCEPTION, also known as Speculative Return Stack Overflow (SRSO),
a transient execution attack that leaks arbitrary data on all AMD
Zen CPUs. An attacker can mis-train the CPU BTB to predict non-
architectural CALL instructions in kernel space and use this to
control the speculative target of a subsequent kernel RET,
potentially leading to information disclosure via a speculative
side-channel.
For details please refer to
<https://comsec.ethz.ch/research/microarch/inception/> and
<https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005>.
For the oldstable distribution (bullseye), these problems have been fixed
in version 5.10.179-5.
For the stable distribution (bookworm), these problems have been fixed in
version 6.1.38-4.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTV0BlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SeJw/+Lsm9OPYOCSLnox1Rcdor5uAckTjewBhT7+iGaaThpOu3p7tnJcfqYDIw
Ywv1amkgeJTz8j9AW5N/PIXDJsSST1W9/lh5PhGJJqcj9Dd0UTtcHjQwY+KeKa66
rhe/5uqMD2NQhVFTbacaYU87kEeqbuQpb/Z1Q1jmqFkFzrfgAfQy114OM8aS+LRJ
V9VKy+TVB+DZ3rRQxr8EEg/dtWbFW0iTHxjDWDSK2AjYSUI7dwLw9Ynbh3xXyHaO
EI+BEKK3ugt9IC4Dn29az49tkrxxCCR6VxzsXiezCTrtoO7APVaLOfW4SJFPPWHl
ZREQegR7DgKWNVzZtavUpZyrPXidGhBJ7SyQjojd5BlZHnc1X7kNJIYC7Hrlt8JY
R8zmdluOucZpqvRNfr4vuFWmR5nucGvBeDmW/3UBUvzWWkqmfiwROPUd7KwbLt47
CWRbqFdFgxQ2trPTKU17V9H5BPKnbU/gj1Cbzcth/Z3+aeKFu+PCUYDfwwPZigjg
LXALs7CSdyrStevXpO13IIWqVRg4afUy4VjBLqV7iF+ff3CSlKW3ImuzgVnV/kT3
IfDbqWD5QF2S5jag94/nu/e+m5CKKUZNxu4Xvc598fpohaZKvttZH2U7y9FQqT3u
x/YwSsBfN3jLgqiwDyY+q10eITjGyhzmjFklrS50/btTTPk8l2s=
=hjVd
-----END PGP SIGNATURE-----

• Follow us on Twitter^[20]
• Follow us on Facebook^[21]
• Subscribe to an RSS Feed^[22]

File Tags

• ActiveX^[23] (932)
• Advisory^[24] (81,933)
• Arbitrary^[25] (16,196)
• BBS^[26] (2,859)
• Bypass^[27] (1,740)
• CGI^[28] (1,026)
• Code Execution^[29] (7,277)
• Conference^[30] (679)
• Cracker^[31] (841)
• CSRF^[32] (3,344)
• DoS^[33] (23,416)
• Encryption^[34] (2,370)
• Exploit^[35] (51,861)
• File Inclusion^[36] (4,221)
• File Upload^[37] (973)
• Firewall^[38] (821)
• Info Disclosure^[39] (2,770)
• Intrusion Detection^[40] (892)
• Java^[41] (3,043)
• JavaScript^[42] (858)
• Kernel^[43] (6,671)
• Local^[44] (14,448)
• Magazine^[45] (586)
• Overflow^[46] (12,691)
• Perl^[47] (1,423)
• PHP^[48] (5,145)
• Proof of Concept^[49] (2,338)
• Protocol^[50] (3,601)
• Python^[51] (1,535)
• Remote^[52] (30,765)
• Root^[53] (3,581)
• Rootkit^[54] (508)
• Ruby^[55] (612)
• Scanner^[56] (1,639)
• Security Tool^[57] (7,886)
• Shell^[58] (3,180)
• Shellcode^[59] (1,214)
• Sniffer^[60] (894)
• Spoof^[61] (2,206)
• SQL Injection^[62] (16,366)
• TCP^[63] (2,406)
• Trojan^[64] (687)
• UDP^[65] (893)
• Virus^[66] (664)
• Vulnerability^[67] (31,770)
• Web^[68] (9,663)
• Whitepaper^[69] (3,749)
• x86^[70] (962)
• XSS^[71] (17,932)
• Other^[72]

File Archives

• August 2023^[73]
• July 2023^[74]
• June 2023^[75]
• May 2023^[76]
• April 2023^[77]
• March 2023^[78]
• February 2023^[79]
• January 2023^[80]
• December 2022^[81]
• November 2022^[82]
• October 2022^[83]
• September 2022^[84]
• Older^[85]

Systems

• AIX^[86] (428)
• Apple^[87] (2,002)
• BSD^[88] (373)
• CentOS^[89] (57)
• Cisco^[90] (1,922)
• Debian^[91] (6,812)
• Fedora^[92] (1,692)
• FreeBSD^[93] (1,244)
• Gentoo^[94] (4,322)
• HPUX^[95] (879)
• iOS^[96] (351)
• iPhone^[97] (108)
• IRIX^[98] (220)
• Juniper^[99] (67)
• Linux^[100] (46,428)
• Mac OS X^[101] (686)
• Mandriva^[102] (3,105)
• NetBSD^[103] (256)
• OpenBSD^[104] (485)
• RedHat^[105] (13,711)
• Slackware^[106] (941)
• Solaris^[107] (1,610)
• SUSE^[108] (1,444)
• Ubuntu^[109] (8,808)
• UNIX^[110] (9,289)
• UnixWare^[111] (186)
• Windows^[112] (6,573)
• Other^[113]

© 2022 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/174136/dsa-5475-1.txt