-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4196-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 08, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2018-1087 CVE-2018-8897
Debian Bug     : 897427 897599 898067 898100

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation or denial of service.

CVE-2018-1087

    Andy Lutomirski discovered that the KVM implementation did not
    properly handle #DB exceptions while deferred by MOV SS/POP SS,
    allowing an unprivileged KVM guest user to crash the guest or
    potentially escalate their privileges.

CVE-2018-8897

    Nick Peterson of Everdox Tech LLC discovered that #DB exceptions
    that are deferred by MOV SS or POP SS are not properly handled,
    allowing an unprivileged user to crash the kernel and cause a denial
    of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.56-1+deb8u1. This update includes various fixes for
regressions from 3.16.56-1 as released in DSA-4187-1 (Cf. #897427,
#898067 and #898100).

For the stable distribution (stretch), these problems have been fixed in
version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1
is temporarily reverted due to various regression, cf. #897599.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlryHFFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SMQA/9HoJDt2OdyqqtfNUuWfP3sgGV1QVjIJnF39unKRdIaGw9m0RHQUu1G3rC
cgxcYcpQ0h10Yy5KVh4APqt55K7aVWVQT6xB0yx2VddMEwwl3rp2r/eL7EtoOkQT
zZW5JponzlEAjC9uGk7CouA7z/qFtd5awufFhAjMF5eL4ZQ6pG8wWEbae6DbU9nz
c7F+okC4hL6yPuWVEWzTRUFK1W0hs2N+VQgHV/afZaMAAooeZJDJeq1Hn/PVYvwJ
IHSOs01+kn0OUFHkVRA7kVdFAYUJlfhsDcXd9nB/lkxhc/HNI1g/dK76mRxjsiMo
pJlkPbEmZlOtmNG7vogxEp72ab24j2CITIHiID7ftZH5R/I2CSxp2dIzRVKdmP6P
tsfh/KcpUMNwwiPiGed1DMCjtsHOodBOkLtVsoHHJVMZg2xqfCrlqNRUn9o+0DcR
gO7HBsWG9K1qvSBWuRtQLT8QP00P3dSdhHmfWyfN8eJxTot+WJuMF/o+jbF6GGrZ
lPmzWqg4oL7jvQO8nlEkatjIFejEg0jmt+rCXyEbK8Uc9xjJk35GKIZne5X09BFe
36zY7HbMlPvLP/VHSb6fcPBpQo/HuG0/htAB1HpWS1fPrth1J76g2EmwFSG5Lo51
IRxTXP4UZuOL1sJHQ80220tThKs2dk1Yy77dKk8qQiQ2nC2JgNs=
=CskH
-----END PGP SIGNATURE-----