Debian GNU/Linux 11 fixes several vulnerabilities

The Debian Project's newly released Linux Kernel security update for Debian GNU/Linux 11 fixes 9 vulnerabilities.


Erdem Yasar
July 28, 2022
  • Debian GNU/Linux 11’s new Linux Kernel security update addresses 9 vulnerabilities that can lead to privilege escalation, information leaks, and denial of service.
  • During his talk at the DebConf 22 conference, Debian developer Steve McIntyre stated that Debian might start including non-free firmware.
  • The Debian project urged users to update their Debian GNU/Linux 11 “Bullseye” installation to Linux kernel 5.10.127-2 as soon as possible.

A new Linux Kernel security update for Debian GNU/Linux 11 “Bullseye” stable has been released. The update fixes 9 vulnerabilities that can lead to privilege escalation, information leaks, or denial of service. It was released approximately 1.5 months after the previous one and applies to Linux Kernel 5.10 LTS, the default kernel for the latest Debian release.

Table of Contents

  • Information leaks and denial of service
  • Non-free firmware
  • FAQ
    • What is the latest version of Debian?
    • Is Debian free?
    • Can Debian be used for commercial purposes?
    • Can Debian be installed on a virtual machine?

Information leaks and denial of service

The project advised users to update their Debian GNU/Linux 11 “Bullseye” versions to Linux kernel 5.10.127-2 to be safe. Some of the vulnerabilities addressed with this patch are:

CVE-2021-33655: When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds.

CVE-2022-2318: There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges.

CVE-2022-33743: Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

CVE-2022-33744: Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests’ memory pages.

CVE-2022-34918: An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.

To update their Debian GNU/Linux 11 installations, users can use a graphical package manager, or use the following commands:

sudo apt update
sudo apt full-upgrade
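
A post-update check, added here as an example (not part of the original article or of Debian's tooling): `apt full-upgrade` installs the fixed kernel package, but the host keeps running the old kernel until it reboots, so this compares the package version embedded in `uname -v` against 5.10.127-2. The function names and sample strings are constructed for illustration, and the `sort -V` fallback used when `dpkg` is absent only approximates Debian version ordering.

```bash
#!/bin/sh
# Added example: is the *running* kernel at least the fixed build?
# `uname -r` only shows the ABI name (e.g. 5.10.0-16-amd64); the Debian
# package version is carried in `uname -v`.

FIXED="5.10.127-2"   # fixed version named in the article

# Extract the Debian package version from a `uname -v` string,
# e.g. "#1 SMP Debian 5.10.127-2 (2022-07-23)" -> "5.10.127-2".
kernel_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([0-9][^ ]*\).*/\1/p'
}

# Succeed if version $1 >= version $2.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: GNU-style `sort -V` is available as a fallback.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
    fi
}

# Print patched / vulnerable / unknown for a given `uname -v` string.
# Exit status: 0 patched, 1 vulnerable, 2 version not recognised.
check_kernel() {
    ck_ver=$(kernel_pkg_version "$1")
    if [ -z "$ck_ver" ]; then
        echo "unknown"
        return 2
    fi
    if version_ge "$ck_ver" "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
        return 1
    fi
}

# Constructed sample strings (not captured from a real host).
for sample in '#1 SMP Debian 5.10.120-1 (2022-06-09)' \
              '#1 SMP Debian 5.10.127-2 (2022-07-23)'; do
    printf '%s -> %s\n' "$sample" "$(check_kernel "$sample")"
done

# On a live host, after rebooting into the new kernel:
#   check_kernel "$(uname -v)"
```

A "vulnerable" result right after a successful upgrade usually means the machine has not yet been rebooted into the new kernel.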

Non-free firmware

A former Debian project leader and a Debian developer since 1996, Steve McIntyre is discussing adding non-free firmware to the distro, which allows the latest devices and configurations to work smoothly. During his talk at the DebConf 22 conference, he shared his opinion on “Fixing the firmware mess” with the audience.

Although it contradicts the project’s policy to include free software, we may see Debian releases with non-free firmware in official releases. There are currently unofficial Debian images that include non-free firmware. When Steve asked for attendees to share their opinion, the majority of them voted in favor of including non-free firmware in images.

FAQ

What is the latest version of Debian?

The latest version of Debian is Debian "Bullseye" 11.6, and it was released on 17 December 2022.

Is Debian free?

Yes, Debian is a free, open-source, and community-driven operating system that is widely adopted and supported. It is a reliable, stable, and secure choice for users, and it can be used for any purpose, including commercial use, without paying any licensing fees.

Can Debian be used for commercial purposes?

Yes, Debian is a free, open-source, and community-driven operating system that can be used for commercial purposes without any restriction. Its stability, security, and wide range of software packages make it a reliable and versatile choice for businesses and organizations.

Can Debian be installed on a virtual machine?

Yes, Debian can be installed on a virtual machine. A virtual machine (VM) allows you to run an operating system within another operating system. This means that you can install Debian on a virtual machine and run it on top of your current operating system, without the need to replace it or partition your hard drive.
To install Debian on VMware, you can refer to our article: How to install a Linux Distro on VMware Workstation
