Bug 35397 - linux: Multiple security issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.2
Hardware: Other Linux
Importance: P3 normal
Target Milestone: UCS 3.2-4-errata
Assigned To: Moritz Muehlenhoff
QA Contact: Philipp Hahn
Reported: 2014-07-17 14:49 CEST by Moritz Muehlenhoff
Modified: 2014-12-03 14:48 CET
Description Moritz Muehlenhoff univentionstaff 2014-07-17 14:49:24 CEST
These vulnerabilities are still unfixed in 3.10.x:

Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Information leak in skb_zerocopy (CVE-2014-2568)
Denial of service in memory management (CVE-2014-4171)
Denial of service in SCTP (CVE-2014-4667)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-09-08 11:21:14 CEST
Denial of service in isofs (CVE-2014-5471, CVE-2014-5472)

Denial of service in KVM (CVE-2014-3601)

Incorrect reference counting when dealing with symlinks in the VFS layer (CVE-2014-5045)

Denial of service in SCTP (CVE-2014-5077)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-10-02 13:38:02 CEST
Denial of service in the ceph cluster filesystem (CVE-2014-6416, CVE-2014-6417, CVE-2014-6418)
Denial of service in the UDF filesystem (CVE-2014-6410)
Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-10-07 12:30:46 CEST
Denial of service in CIFS (CVE-2014-7145)
Denial of service in XFS (CVE-2014-7283)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-10-09 12:50:10 CEST
(In reply to Moritz Muehlenhoff from comment #1)
> Incorrect reference counting when dealing with symlinks in the VFS layer
> (CVE-2014-5045)

This was introduced in 3.12, so 3.2 is not affected
Comment 5 Moritz Muehlenhoff univentionstaff 2014-10-09 13:29:55 CEST
These issues are fixed in 3.10.56:
Information leak in skb_zerocopy (CVE-2014-2568) (3.10.51)
Denial of service in memory management (CVE-2014-4171) (3.10.50)
Denial of service in SCTP (CVE-2014-4667) (3.10.45)
Denial of service in isofs (CVE-2014-5471, CVE-2014-5472) (3.10.54)
Denial of service in KVM (CVE-2014-3601) (3.10.54)
Denial of service in SCTP (CVE-2014-5077) (3.10.53)
Denial of service in the ceph cluster filesystem (CVE-2014-6416, CVE-2014-6417, CVE-2014-6418) (3.10.55)
Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186) (3.10.54 and 3.10.56)
Denial of service in CIFS (CVE-2014-7145) (3.10.55)
Denial of service in XFS (CVE-2014-7283) (3.10.39)



These are still unfixed in 3.10.x:
Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Denial of service in the UDF filesystem (CVE-2014-6410)
Comment 6 Moritz Muehlenhoff univentionstaff 2014-10-14 12:27:49 CEST
Race condition in ext4 permission handling (CVE-2014-8086)
Denial of service in the VFS layer when dealing with user namespaces (CVE-2014-7970, CVE-2014-7975)
Comment 7 Moritz Muehlenhoff univentionstaff 2014-10-24 12:44:32 CEST
Three denial of service vulnerabilities in SCTP (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688)
Comment 8 Moritz Muehlenhoff univentionstaff 2014-10-29 13:03:42 CET
Denial of service in KVM instruction emulation (CVE-2014-3647)
Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
Race condition in PIT handler in KVM (CVE-2014-3611)
Comment 9 Moritz Muehlenhoff univentionstaff 2014-10-29 13:05:37 CET
Denial of service in handling of MSR registers in KVM (CVE-2014-3610)
Comment 10 Philipp Hahn univentionstaff 2014-10-31 14:13:22 CET
Please include <https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=c771cc33f93bac30415cdb6d4f9619261fbd1a9c> or update to at least v3.10.50 (git tag -l --contains c771cc33f93bac30415cdb6d4f9619261fbd1a9c).

Ticket #2014103121000214
Comment 11 Moritz Muehlenhoff univentionstaff 2014-11-05 17:17:30 CET
Denial of service in the VMX handling in KVM (CVE-2014-3690)
Denial of service in the dcache in the fs layer (CVE-2014-8559)
Comment 12 Moritz Muehlenhoff univentionstaff 2014-11-24 13:59:22 CET
Local denial of service in syscall perf profiling (CVE-2014-7825)
Privilege escalation in ftrace syscall tracing (CVE-2014-7826)
Denial of service in SCTP (CVE-2014-7841)
Denial of service in KVM (CVE-2014-7842)
Buffer overflow in ttusb-dec (CVE-2014-8884)
Comment 13 Moritz Muehlenhoff univentionstaff 2014-11-25 10:20:01 CET
These issues are fixed in 3.10.61:

Information leak in vhost-net zerocopy support (CVE-2014-0131) (3.10.46)
Information leak in skb_zerocopy (CVE-2014-2568) (3.10.51)
Denial of service in memory management (CVE-2014-4171) (3.10.50)
Denial of service in SCTP (CVE-2014-4667) (3.10.45)
Denial of service in isofs (CVE-2014-5471, CVE-2014-5472) (3.10.54)
Denial of service in KVM (CVE-2014-3601) (3.10.54)
Denial of service in SCTP (CVE-2014-5077) (3.10.53)
Denial of service in the ceph cluster filesystem (CVE-2014-6416, CVE-2014-6417, CVE-2014-6418) (3.10.55)
Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186) (3.10.54 and 3.10.56)
Denial of service in CIFS (CVE-2014-7145) (3.10.55)
Denial of service in XFS (CVE-2014-7283) (3.10.39)
Denial of service in the UDF filesystem (CVE-2014-6410) (3.10.57)
Denial of service in the VFS layer when dealing with user namespaces (CVE-2014-7970, CVE-2014-7975) (3.10.59 and 3.10.60)
Three denial of service vulnerabilities in SCTP (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688) (3.10.61)
Race condition in PIT handler in KVM (CVE-2014-3611) (3.10.60)
Denial of service in handling of MSR registers in KVM (CVE-2014-3610) (3.10.60)
Local denial of service in syscall perf profiling (CVE-2014-7825) (3.10.60)
Privilege escalation in ftrace syscall tracing (CVE-2014-7826) (3.10.60)
Denial of service in SCTP (CVE-2014-7841) (3.10.61)
Buffer overflow in ttusb-dec (CVE-2014-8884) (3.10.61)


These are still unfixed in 3.10.x:

Insecure block handling (CVE-2012-4542)
Race condition in ext4 permission handling (CVE-2014-8086)
Denial of service in KVM instruction emulation (CVE-2014-3647)
Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
Denial of service in the VMX handling in KVM (CVE-2014-3690)
Denial of service in the dcache in the fs layer (CVE-2014-8559)
Denial of service in KVM (CVE-2014-7842)
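
Added example, not part of the bug thread: a small parser for the "description (CVEs) (3.10.y)" lines used in the comment above, which reports the listed CVEs that a given upstream 3.10.y release still lacks. The function names are hypothetical and the sample input is four lines copied from that list; the example assumes an entry naming two releases is complete only at the later one.

```python
import re

# Constructed sample: four lines copied from the "fixed in 3.10.61" list above.
FIXED_LIST = """\
Information leak in vhost-net zerocopy support (CVE-2014-0131) (3.10.46)
Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186) (3.10.54 and 3.10.56)
Denial of service in the VFS layer when dealing with user namespaces (CVE-2014-7970, CVE-2014-7975) (3.10.59 and 3.10.60)
Denial of service in XFS (CVE-2014-7283) (3.10.39)
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
VER_RE = re.compile(r"\b3\.10\.(\d+)\b")

def parse_fixed_list(text):
    """Map each CVE id to the 3.10.y patch level (y) that completes its fix."""
    fixed_at = {}
    for line in text.splitlines():
        cves = CVE_RE.findall(line)
        if not cves:
            continue
        # Versions are only trusted in the parenthesis after the last CVE id.
        tail = line[line.rfind(cves[-1]):]
        levels = [int(n) for n in VER_RE.findall(tail)]
        if levels:
            # "(3.10.54 and 3.10.56)": assume the later release completes the fix.
            fixed_at.update(dict.fromkeys(cves, max(levels)))
    return fixed_at

def patch_level(release):
    """Return y for an upstream '3.10.y' string, else None.

    A package ABI name such as '3.10.0-ucs107-amd64' (the uname -r output
    in this thread) does not carry the upstream point release.
    """
    m = re.fullmatch(r"3\.10\.(\d+)", release.strip())
    return int(m.group(1)) if m else None

def still_open(release, fixed_at):
    """Listed CVEs whose upstream fix is newer than the given release.

    Distribution backports (extra patches in the package) are not considered.
    """
    level = patch_level(release)
    if level is None:
        raise ValueError(f"not an upstream 3.10.y version: {release!r}")
    return sorted(cve for cve, need in fixed_at.items() if need > level)

if __name__ == "__main__":
    table = parse_fixed_list(FIXED_LIST)
    for rel in ("3.10.54", "3.10.61"):
        print(rel, still_open(rel, table))
```
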
Comment 14 Moritz Muehlenhoff univentionstaff 2014-11-27 15:37:42 CET
These patches have been dropped while updating to 3.10.61:

51-CVE-2014-4699.patch -> The patch was merged into 3.10.47
52-CVE-2014-4943.patch -> The patch was merged into 3.10.52
53-kvm-div0.patch -> The patch was merged into 3.10.56
Comment 15 Moritz Muehlenhoff univentionstaff 2014-12-01 10:25:46 CET
Tests with both the amd64 and i386 version on hardware (xen5/6) and in KVM were
successful. I've also successfully installed a base system in KVM on i386
and amd64.

YAML files:  2014-12-01-linux.yaml 2014-12-01-univention-kernel-image.yaml
Comment 16 Moritz Muehlenhoff univentionstaff 2014-12-02 08:50:01 CET
(In reply to Moritz Muehlenhoff from comment #13)
> These are still unfixed in 3.10.x:
> 
> Insecure block handling (CVE-2012-4542)
> Race condition in ext4 permission handling (CVE-2014-8086)
> Denial of service in KVM instruction emulation (CVE-2014-3647)
> Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
> Denial of service in the VMX handling in KVM (CVE-2014-3690)
> Denial of service in the dcache in the fs layer (CVE-2014-8559)
> Denial of service in KVM (CVE-2014-7842)

-> Bug 37143 has been created for these
Comment 17 Philipp Hahn univentionstaff 2014-12-02 16:25:40 CET
OK: i386 KVM
OK: amd64 KVM
OK: amd64 xen12
OK: amd64 xen2=xen
OK: uname -r # 3.10.0-ucs107-amd64
OK: /usr/share/doc/linux-image-3.10.0-ucs107-amd64/changelog.Debian.gz
    50-xen-netback-track-device-mapping
OK: nm /lib/modules/3.10.0-ucs107-amd64/kernel/drivers/net/xen-netback/xen-netback.ko | grep t_rings
    52-nfs-acl-null-pointer-deref
OK: objdump -t /lib/modules/3.10.0-ucs107-amd64/kernel/fs/nfsd/nfsd.ko | grep set_nfsv4_acl_one
OK: aptitude install univention-kernel-image univention-kernel-headers
OK: announce_errata -V 2014-12-01-linux.yaml
OK: announce_errata -V 2014-12-01-univention-kernel-image.yaml
OK: less 2014-12-01-linux.yaml 2014-12-01-univention-kernel-image.yaml

(In reply to Moritz Muehlenhoff from comment #14)
> 51-CVE-2014-4699.patch -> The patch was merged into 3.10.47
> 52-CVE-2014-4943.patch -> The patch was merged into 3.10.52
> 53-kvm-div0.patch -> The patch was merged into 3.10.56
OK

(In reply to Moritz Muehlenhoff from comment #16)
> (In reply to Moritz Muehlenhoff from comment #13)
> > These are still unfixed in 3.10.x:
...
> -> Bug 37143 has been created for these
OK