First Last Prev Next    This bug is not in your last search results.
Bug 52086 - (ES 4.3) linux
(ES 4.3) linux
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All other
: P5 normal (vote)
: ---
Assigned To: Quality Assurance
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-09-20 21:50 CEST by Erik Damrose
Modified: 2020-11-30 12:34 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2020-09-20 21:50:29 CEST 
Provide linux version 4.9.228-1 for UCS 4.3
First imported at bug #51702

This updates the Linux kernel to version 4.9.228, which addresses (among
others) the following security issues:
* l2tp: Race condition between pppol2tp_session_create() and
  l2tp_eth_create() (CVE-2018-9517)
* go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux
  kernel before 5.6 does not call snd_card_free for a failure path, which
  causes a memory leak (CVE-2019-20810)
* In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to
  shared memory due to a permissions bypass. This could lead to local
  escalation of privilege by corrupting memory shared between processes, with
  no additional execution privileges needed. User interaction is not needed
  for exploitation. Product: Android Versions: Android kernel Android ID:
  A-142938932 (CVE-2020-0009)
* Some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
* Use-after-free in cdev_put() when a PTP device is removed while it's
  chardev is open (CVE-2020-10690)
* Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an
  attacker to turn off the SSBD protection. (CVE-2020-10766)
* Indirect Branch Prediction Barrier is force-disabled when STIBP is
  unavailable or enhanced IBRS is available. (CVE-2020-10767)
* Indirect branch speculation can be enabled after it was force-disabled by
  the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)
* DoS via concurrent calls to dw_spi_irq and dw_spi_transfer_one functions in
  drivers/spi/spi-dw.c (CVE-2020-12769)
* Possible to send arbitrary signals to a privileged (suidroot) parent
  process (CVE-2020-12826)
* ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1.
  drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called
  several times in a row, aka CID-b86dab054059. NOTE: Members in the
  community argue that the integer overflow does not lead to a security issue
  in this case. (CVE-2020-13974)
Comment 1 Felix Botner univentionstaff 2020-11-19 13:11:02 CET 
-> apt-cache show linux-image-4.9.0-13-amd64
Package: linux-image-4.9.0-13-amd64
Architecture: amd64
Version: 4.9.228-1


-> apt-cache policy linux-image-4.9.0-13-amd64
linux-image-4.9.0-13-amd64:
  Installiert:           4.9.228-1
  Installationskandidat: 4.9.228-1
  Versionstabelle:
 *** 4.9.228-1 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

OK - reboot
Comment 2 Erik Damrose univentionstaff 2020-11-30 12:34:20 CET 
CLOSED: Released as extsec4.3 update
First Last Prev Next    This bug is not in your last search results.