The Debian Project has published a new advisory to inform Debian 9 Stretch users of a new update for the Linux kernel that fixes two vulnerabilities.
After a week ago the Debian Linux kernel 9 will be updated fixing 18 vulnerabilities, a new patch is here to fix a security issue discovered by Felix Wilhelm of Google's Project Zero.
The patch is responsible for fixing an issue affecting the xen-netback module, which could result in a data leak, privilege modification and denial of service.
“Felix Wilhelm of Project Zero discovered a bug in the hash handling of the Linux Kernel xen-netback module. A malicious or buggy frontend could cause the backend to access memory strings, which in turn allowed a modification of privileges, data leakage or denial of service ”, says Salvatore Bonaccorso in the official publication.
All Debian 9 Stretch users must upgrade
The new patch for the Debian 9 Stretch Linux Kernel also fixes a privilege modification vulnerability affecting Linux Kernel virtual machines and AArch64 (ARM64) architecture devices, allowing the attacker to create a denial of service or modify the flow. hypervisor control to gain control of the registry.
To fix both vulnerabilities, the Debian project recommends that all Debian 9 Stretch users update their system's Linux Kernel to version 4.9.110-3 + deb9u6, now available in the main archives. To update the system, just run the following code in the terminal: «sudo apt-get update && sudo apt-get full-upgrade«. The new version replaces the previous one that fixed 18 vulnerabilities.