CVE-2020-10767 CVE-2020-10768 CVE-2020-12655 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393 Debian Bug : 958300 960493 962254 963493 964153 964480 965365
Linux 4.19 has been packaged for Debian 9 as linux-4.19. This provides a supported upgrade path for systems that currently use kernel packages from the "stretch-backports" suite.
There is no need to upgrade systems using Linux 4.9, as that kernel version will also continue to be supported in the LTS period.
This backport does not include the following binary packages:
hyperv-daemons libbpf-dev libbpf4.19 libcpupower-dev libcpupower1
liblockdep-dev liblockdep4.19 linux-compiler-gcc-6-arm
linux-compiler-gcc-6-x86 linux-cpupower linux-libc-dev lockdep
usbip
Older versions of most of those are built from the linux source package in Debian 9.
The kernel images and modules will not be signed for use on systems with Secure Boot enabled, as there is no support for this in Debian 9.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leak.
CVE-2019-18814
Navid Emamdoost reported a potential use-after-free in the
AppArmor security module, in the case that audit rule
initialisation fails. The security impact of this is unclear.
CVE-2019-18885
The 'bobfuzzer' team discovered that crafted Btrfs volumes could
trigger a crash (oops). An attacker able to mount such a volume
could use this to cause a denial of service.
CVE-2019-20810
A potential memory leak was discovered in the go7007 media driver.
The security impact of this is unclear.
CVE-2020-10766
Anthony Steinhauser reported a flaw in the mitigation for
Speculative Store Bypass (CVE-2018-3639) on x86 CPUs. A local
user could use this to temporarily disable SSB mitigation in other
users' tasks. If those other tasks run sandboxed code, this would
allow that code to read sensitive information in...
4.19.132-1~deb9u2