Critical Linux Security Updates for Debian 12 and Debian 11

by Rohan Timalsina

January 15, 2024 - TuxCare expert team

Staying ahead of potential threats is crucial for maintaining a secure computing environment. For Debian GNU/Linux users, keeping the system updated with the latest security patches is an essential part of that. The updates covered here address several security vulnerabilities to improve overall system security.

In this article, we will delve into the recent Debian Linux security updates, focusing on Debian GNU/Linux 12 “Bookworm” and Debian GNU/Linux 11 “Bullseye” operating systems.

 

Debian GNU/Linux 12 “Bookworm” Updates

 

The security update for Debian Bookworm includes patches for several vulnerabilities:

CVE-2023-6531: A use-after-free flaw discovered by Jann Horn from Google Project Zero.

CVE-2023-6622 and CVE-2023-6817: Flaws in the netfilter subsystem found by Xingyuan Mo, potentially leading to a denial of service or privilege escalation.

CVE-2023-6931: A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system, discovered by Budimir Markovic.

Additionally, four race conditions in the Bluetooth subsystem, ATM subsystem, Appletalk subsystem, and Amateur Radio X.25 PLP (Rose) support have been addressed. These race conditions could potentially lead to use-after-free flaws, so fixing them further strengthens the system’s security.

 

Debian GNU/Linux 11 “Bullseye” Updates

 

The security update for Debian Bullseye focuses on addressing vulnerabilities such as:

CVE-2023-5717: A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system, discovered by Budimir Markovic.

CVE-2021-44879: A NULL pointer dereference in the F2FS file system implementation.

CVE-2023-5178 and CVE-2023-6121: Flaws in the NVMe-oF/TCP subsystem, capable of causing a denial of service, privilege escalation, or information leak.

CVE-2023-5197: A use-after-free flaw in the netfilter subsystem found by Kevin Rich.

CVE-2023-25775: A flaw in the Intel Ethernet Controller RDMA driver, which could lead to privilege escalation.

The update also addresses race conditions in the Secure Encrypted Virtualization (SEV) implementation, Renesas Ethernet AVB support driver, library routines for handling generic kernel objects, and the io_uring subsystem.

 

Conclusion

 

To ensure the security of their systems, Debian GNU/Linux 12 “Bookworm” and Debian GNU/Linux 11 “Bullseye” users are strongly advised to update their installations to Linux kernel versions 6.1.69-1 and 5.10.205-2, respectively. Following the update, a system reboot is recommended to apply the changes effectively.
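The check below is an added example, not part of the original article or of Debian's tooling: it compares the kernel a host is actually running against the fixed versions named above. `uname -v` reports the running kernel, so a host that has installed the update but not rebooted still shows the old version. The function names and status strings are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Fixed kernel package versions, taken from the paragraph above.
fixed_version() {
    case "$1" in
        bookworm) echo "6.1.69-1" ;;
        bullseye) echo "5.10.205-2" ;;
        *) echo "" ;;
    esac
}

# Extract the Debian package version from `uname -v` output, which on
# Debian kernels has the form "... Debian <version> (<build date>)".
running_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\) (.*/\1/p'
}

# True if $1 >= $2. Uses dpkg's own comparison when available; the
# sort -V fallback is an approximation that is adequate for plain
# x.y.z-r version strings like the ones in this article.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Print PATCHED, OUTDATED or UNKNOWN for the *running* kernel.
# $1 = output of `uname -v`, $2 = release codename.
kernel_status() {
    fixed=$(fixed_version "$2")
    running=$(running_version "$1")
    if [ -z "$fixed" ] || [ -z "$running" ]; then
        echo "UNKNOWN"
    elif version_ge "$running" "$fixed"; then
        echo "PATCHED running=$running fixed=$fixed"
    else
        echo "OUTDATED running=$running fixed=$fixed (update and reboot)"
    fi
}

# Constructed sample: a Bookworm host still running an older kernel build.
kernel_status "#1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (constructed)" bookworm
# Live check on a Debian host:
#   kernel_status "$(uname -v)" "$(. /etc/os-release && echo "$VERSION_CODENAME")"
```

Run the live check again after rebooting: it should change from OUTDATED to PATCHED only once the new kernel is the one actually running.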

For rebootless patching, you can use TuxCare’s KernelCare Enterprise, which automatically applies all security updates while the kernel is running. KernelCare supports all popular enterprise Linux distributions, including Debian, Ubuntu, RHEL, CentOS, AlmaLinux, Oracle Linux, and more.

Learn more about live patching and how it ensures maximum security and compliance.

 

The sources for this article include a story from 9to5Linux.
