Bug 35226 - linux: L2TP privilege escalation (3.2)
linux: L2TP privilege escalation (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-2-errata
Assigned To: Moritz Muehlenhoff
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-01 14:07 CEST by Moritz Muehlenhoff
Modified: 2014-07-18 16:53 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-07-01 14:07:16 CEST
These vulnerabilities are still unfixed in 3.10.x:

Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Information leak in skb_zerocopy  (CVE-2014-2568)
Denial of service in memory management (CVE-2014-4171)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-07-17 10:00:33 CEST
Privilege escalation using L2TP sockets (CVE-2014-4943)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-07-17 14:50:12 CEST
We will only fix the L2TP issue in this update, the other bugs have been moved to Bug 35397
Comment 3 Moritz Muehlenhoff univentionstaff 2014-07-18 09:28:08 CEST
The patch has been integrated and built, the meta package was updated. Hardware tests on i386 and amd64 were successful, I also tested the installation of a UCS base system on a UVMM/KVM system running the updated kernel.

YAML files:
2014-07-18-linux.yaml and 2014-07-18-univention-kernel-image.yaml
Comment 4 Janek Walkenhorst univentionstaff 2014-07-18 14:28:56 CEST
Tests (KVM): OK
Advisories: OK