-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5402-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 13, 2023                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2023-0386 CVE-2023-31436 CVE-2023-32233

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-0386

    It was discovered that under certain conditions the overlayfs
    filesystem implementation did not properly handle copy up
    operations. A local user permitted to mount overlay mounts in user
    namespaces can take advantage of this flaw for local privilege
    escalation.

CVE-2023-31436

    Gwangun Jung reported a a flaw causing heap out-of-bounds read/write
    errors in the traffic control subsystem for the Quick Fair Queueing
    scheduler (QFQ) which may result in information leak, denial of
    service or privilege escalation.

CVE-2023-32233

    Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in
    the Netfilter nf_tables implementation when processing batch
    requests, which may result in local privilege escalation for a user
    with the CAP_NET_ADMIN capability in any user or network namespace.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.179-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRfblBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S/ehAAimoZ2PphbMF53apge94ZKEnKKG2k43nEIDBumQsa8tFCmVxHKrxTV+qo
2OnkmuXO2W7kexlHNtnHfKie7pYI+0vLrxNQqyBBDHfUAvUC7cvVgZUG+O+K9v+r
TY60UJBkVwW3bY99MUMtwSsy0pN7dHqc/YQTWacPYSVuZ/GRn5/PLhDu9p6vdROD
BxYtcGF93I0EfGgjCqPZ16rivCwtIck4/GaQCBgypDa2N0h92Y/uTEebaA3LEC72
DuiJc1kPHpecGe11Xay1+KVt0q3CjwAxbjj740t/ySn+OzGqbSRpLk5IIsLuZL8F
hh+tsB3PDTpO9yOVNokO7h0wlja03uVFyddwPf8jkv0fsFo26OTkl1aISA6/gmT2
hymNBwPs5OAxX2f7Fe9jwHllBlLCb+xwiejBcrdNUMOsG2Krd7B5ABlj4shQPylQ
9NxPHgk9GrCjBFcRaCPoQBaIw5AT7R3Rv7xkyH/XzlXCvuckiJlZMwIw7AVDnRtv
orZ42xSxaZu1AyIVv48f2JinLrLTBIjj7BQrzq5M+9SXL3bGbv9ChzwoxSK7STc4
UJ13fZxmQbC50c0xmT1VbiYDIeE85cCOkuF+Heyqw3vJioFFl9tHEt8GT1FrHoUl
9IcX1l0CB62Sh7s8jdFnvSVur5ZfZbXyUIxWeNIHrF9PinQsVJY=
=sqnY
-----END PGP SIGNATURE-----