Univention Bugzilla – Bug 52086
(ES 4.3) linux
Last modified: 2020-11-30 12:34:20 CET
Provide linux version 4.9.228-1 for UCS 4.3 First imported at bug #51702 This updates the Linux kernel to version 4.9.228, which addresses (among others) the following security issues: * l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517) * go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak (CVE-2019-20810) * In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 (CVE-2020-0009) * Some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749) * Use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690) * Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766) * Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767) * Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768) * DoS via concurrent calls to dw_spi_irq and dw_spi_transfer_one functions in drivers/spi/spi-dw.c (CVE-2020-12769) * Possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826) * ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)
-> apt-cache show linux-image-4.9.0-13-amd64 Package: linux-image-4.9.0-13-amd64 Architecture: amd64 Version: 4.9.228-1 -> apt-cache policy linux-image-4.9.0-13-amd64 linux-image-4.9.0-13-amd64: Installiert: 4.9.228-1 Installationskandidat: 4.9.228-1 Versionstabelle: *** 4.9.228-1 500 500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages OK - reboot
CLOSED: Released as extsec4.3 update