Bug 52085 - (ES 4.3) univention-kernel-image-signed
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.3
Platform: All other
Importance: P5 normal
Assigned To: Erik Damrose
QA Contact: Felix Botner
Reported: 2020-09-20 21:49 CEST by Erik Damrose
Modified: 2020-11-30 18:17 CET (History)
Description Erik Damrose univentionstaff 2020-09-20 21:49:54 CEST
Provide univention-kernel-image-signed version 5.0.0-12A~4.4.0.202007231029 for UCS 4.3
First imported at bug #51702

This updates the Linux kernel to version 4.9.228, which addresses (among
others) the following security issues:
* l2tp: Race condition between pppol2tp_session_create() and
  l2tp_eth_create() (CVE-2018-9517)
* go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux
  kernel before 5.6 does not call snd_card_free for a failure path, which
  causes a memory leak (CVE-2019-20810)
* In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to
  shared memory due to a permissions bypass. This could lead to local
  escalation of privilege by corrupting memory shared between processes, with
  no additional execution privileges needed. User interaction is not needed
  for exploitation. Product: Android Versions: Android kernel Android ID:
  A-142938932 (CVE-2020-0009)
* Some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
* Use-after-free in cdev_put() when a PTP device is removed while its
  chardev is open (CVE-2020-10690)
* Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an
  attacker to turn off the SSBD protection. (CVE-2020-10766)
* Indirect Branch Prediction Barrier is force-disabled when STIBP is
  unavailable or enhanced IBRS is available. (CVE-2020-10767)
* Indirect branch speculation can be enabled after it was force-disabled by
  the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)
* DoS via concurrent calls to dw_spi_irq and dw_spi_transfer_one functions in
  drivers/spi/spi-dw.c (CVE-2020-12769)
* Possible to send arbitrary signals to a privileged (suidroot) parent
  process (CVE-2020-12826)
* ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1.
  drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called
  several times in a row, aka CID-b86dab054059. NOTE: Members in the
  community argue that the integer overflow does not lead to a security issue
  in this case. (CVE-2020-13974)
Comment 1 Felix Botner univentionstaff 2020-11-19 13:16:07 CET
univention-kernel-image depends on linux-image-4.9.0-13-amd64-signed; there is no (bin) package univention-kernel-image-signed. Is that OK?

How can I check the signature, or is it OK just to install the signed kernel image?

-> apt-cache policy linux-image-4.9.0-13-amd64-signed
linux-image-4.9.0-13-amd64-signed:
  Installiert:           5.0.0-12A~4.4.0.202007231029
  Installationskandidat: 5.0.0-12A~4.4.0.202007231029
  Versionstabelle:
 *** 5.0.0-12A~4.4.0.202007231029 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages
Comment 2 Erik Damrose univentionstaff 2020-11-24 12:04:45 CET
u-kernel-image does not depend on the -signed package in UCS, that's OK.

For information about checking the signature, see our internal wiki:
https://hutten.knut.univention.de/mediawiki/index.php/Philipp_memo/Linux-Kernel#Signaturen

At this bug we just copy the packages that were tested at bug 51702; I think just the package installation is enough.
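Comment 1 asks how the kernel signature can be checked, and the answer above only points to an internal wiki. As an added example (not code from this bug, from Univention or from the Debian kernel packaging), the Python below locates the embedded Authenticode signature that a UEFI Secure Boot signed kernel carries: the bzImage built by linux-image-*-signed is a PE/COFF file, and the signature sits in data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY). The path /boot/vmlinuz-4.9.0-13-amd64 is an assumed location; the sample image used below is constructed inline. This only tells you whether a signature blob is present and where; verifying it cryptographically against the Secure Boot certificate needs a tool such as sbverify from sbsigntool.

```python
import struct
import sys

# WIN_CERTIFICATE.wCertificateType for an Authenticode PKCS#7 SignedData blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

def find_authenticode_signature(image: bytes):
    """Return (file_offset, length) of the WIN_CERTIFICATE blob in a PE image,
    or None if the image carries no embedded signature. Raises ValueError if
    the input is not a PE file or the security directory is malformed."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    opt_off = pe_off + 4 + 20            # skip PE signature and COFF header
    magic = struct.unpack_from("<H", image, opt_off)[0]
    # Data directories start at +96 (PE32, 0x10b) or +112 (PE32+, 0x20b)
    dirs_off = opt_off + (112 if magic == 0x20B else 96)
    sec_off, sec_size = struct.unpack_from("<II", image, dirs_off + 4 * 8)
    if sec_size == 0:
        return None                      # unsigned image
    # For the security directory the "VirtualAddress" is a raw file offset
    if sec_off + sec_size > len(image) or sec_size < 8:
        raise ValueError("security directory is out of bounds or too small")
    length, revision, cert_type = struct.unpack_from("<IHH", image, sec_off)
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA or revision != 0x0200:
        raise ValueError(f"unexpected certificate type/revision "
                         f"0x{cert_type:04x}/0x{revision:04x}")
    return sec_off, length

def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ image for demonstration (not a real kernel)."""
    pe_off = 0x40
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off))
    hdr += b"PE\0\0" + b"\0" * 20                 # empty COFF file header
    opt = bytearray(240)                          # PE32+ optional header, 16 dirs
    struct.pack_into("<H", opt, 0, 0x20B)
    body_off = pe_off + 24 + len(opt)
    sig = b""
    if signed:   # 8-byte WIN_CERTIFICATE header + 4 dummy payload bytes
        sig = struct.pack("<IHH", 12, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
        sig += b"\xde\xad\xbe\xef"
        struct.pack_into("<II", opt, 112 + 4 * 8, body_off, len(sig))
    return bytes(hdr + opt + sig)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/boot/vmlinuz-4.9.0-13-amd64"
    with open(path, "rb") as f:
        print(path, find_authenticode_signature(f.read()) or "unsigned")
```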
Comment 3 Felix Botner univentionstaff 2020-11-24 12:42:31 CET
OK
Comment 4 Erik Damrose univentionstaff 2020-11-30 18:17:27 CET
CLOSED: Released as extsec4.3 update