Patches are available for Debian GNU/Linux 9 and 10 systems

Nov 14, 2019 17:55 GMT

The Debian Project released new Linux kernel security updates for its supported Debian GNU/Linux releases to address the latest vulnerabilities affecting Intel CPU microarchitectures.

As reported earlier this week, four new security vulnerabilities with an impact on Intel CPUs have been discovered in the Linux kernel, namely CVE-2019-11135, CVE-2018-12207, CVE-2019-0154 and CVE-2019-0155, which may lead to privilege escalation, information leak, as well as denial of service.

Following in the footsteps of Canonical and Red Hat, the Debian Project has also released new Linux kernel security patches, along with new intel-microcode updates, to mitigate all these new vulnerabilities in the Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 10 "Buster" operating systems.

Users are urged to update their systems immediately

The Debian Project recommends that all users of the Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 10 "Buster" operating systems update their installations as soon as possible to the new Linux kernel versions, namely 4.9.189-3+deb9u2 for Debian Stretch and 4.19.67-2+deb10u2 for Debian Buster.

Users should also note that mitigating the CVE-2019-11135 security flaw, which affects Intel CPUs supporting transactional memory (TSX), requires the latest intel-microcode version, which is 3.20191112.1~deb9u1 for Debian Stretch systems and 3.20191112.1~deb10u1 for Debian Buster systems.

"This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages," reads the security advisory.

Please note that the latest intel-microcode updates for Debian GNU/Linux systems are only available in the Debian non-free repository. However, the Debian Project notes that the microcode may also be available as part of a system firmware (BIOS) update. After installing the new Linux kernel and intel-microcode versions, reboot your systems.