Affecting the long-term supported Linux 4.9 kernel used by the Debian GNU/Linux 9 “Stretch” operating system series, there are a total of 18 security vulnerabilities patched in this major update that have been discovered in the upstream Linux kernel and may lead to information leaks, privilege escalation, or denial of service. These include a memory leak in the irda_bind function and a flaw in the irda_setsockopt function of Linux kernel’s IrDA subsystem, a flaw in the fd_locked_ioctl function in the Floppy driver, a buffer overflow in the Bluetooth HIDP implementation, and a double-realloc (double free) flaw in the rawmidi kernel driver.