Debian has received a new Linux kernel security update. This new update fixes four major security flaws in the open source platform.
As announced by the Debian Security Advisory team, the latest Debian update addresses vulnerabilities that were spotted in the Linux kernel. Among all the vulnerabilities discovered by hackers and researchers, the update chiefly fixes the bug in the TCP Challenge ACK feature that could have allowed remote attackers to impersonate some new connections to the server without the user being informed.
“Linux’s implementation of the TCP Challenge ACK feature results in a side channel that can be used to find TCP connections between specific IP addresses, and to inject messages into those connections,” Debian developer Salvatore Bonaccorso explained in the announcement email.
The Debian team has increased the rate limit for TCP Challenge ACKs to resolve the issue.
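A quick way to check the Challenge ACK rate limit on a running host is sketched below. This is an added example, not part of the Debian announcement; it assumes the limit is exposed as the net.ipv4.tcp_challenge_ack_limit sysctl and that the old upstream default was 100 (neither value is given in the article), and the function names are hypothetical.

```shell
#!/bin/sh
# Audit the TCP Challenge ACK rate limit on a Linux host.
# Assumption (not from the article): upstream kernels used a default of
# 100 challenge ACKs per second before the fix.
OLD_DEFAULT=100
SYSCTL_FILE=/proc/sys/net/ipv4/tcp_challenge_ack_limit

# classify_limit VALUE -> prints: low | raised | invalid
classify_limit() {
    case "$1" in
        ''|*[!0-9]*) echo invalid; return 0 ;;   # empty or non-numeric
    esac
    if [ "$1" -le "$OLD_DEFAULT" ]; then
        echo low        # still at (or below) the old default
    else
        echo raised     # limit has been increased
    fi
}

# audit_challenge_ack_limit [FILE] -> prints "<status> <value>"
# FILE defaults to the live sysctl; a path can be passed for offline checks.
audit_challenge_ack_limit() {
    file=${1:-$SYSCTL_FILE}
    if [ ! -r "$file" ]; then
        echo "absent -"   # kernel does not expose the setting, or not Linux
        return 0
    fi
    value=$(tr -d '[:space:]' < "$file")
    echo "$(classify_limit "$value") $value"
}

# Report on the current host without failing when the sysctl is missing.
set -- $(audit_challenge_ack_limit)
case "$1" in
    low)    echo "tcp_challenge_ack_limit=$2: at or below the old default, apply the kernel update" ;;
    raised) echo "tcp_challenge_ack_limit=$2: above the old default" ;;
    absent) echo "tcp_challenge_ack_limit is not exposed on this system" ;;
    *)      echo "unexpected value in $SYSCTL_FILE" ;;
esac
```

A raised value only shows that the limit was increased, whether by the updated kernel or by an administrator setting the sysctl by hand, so confirm the installed kernel package version as well.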
It is worth noting that Debian was not the only Linux-based platform affected by the TCP flaw. The same bug affected over a billion Android devices. Many popular Linux distributions with dated kernel versions are also vulnerable to attacks through the TCP flaw.
Apart from the TCP fix, the Debian update improves the audit subsystem in the Linux kernel. It also fixes a use-after-free bug in the TCP implementation and includes the aacraid driver for Adaptec RAID controllers.
The update brings all the tweaks and improvements to Debian GNU/Linux 8.5 “Jessie” through a single package. You can download this new version directly from the official repositories and install it on your system using a package manager.