Bug 37143 - linux: Multiple security issues (3.2)
linux: Multiple security issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P4 normal (vote)
: UCS 3.2-4-errata
Assigned To: Moritz Muehlenhoff
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-12-02 08:49 CET by Moritz Muehlenhoff
Modified: 2014-12-17 12:53 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-12-02 08:49:28 CET
These kernel issues are still unfixed in 3.10.x:

Insecure block handling (CVE-2012-4542)
Race condition in ext4 permission handling (CVE-2014-8086)
Denial of service in KVM instruction emulation (CVE-2014-3647)
Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
Denial of service in the VMX handling in KVM (CVE-2014-3690)
Denial of service in the dcache in the fs layer (CVE-2014-8559)
Denial of service in KVM (CVE-2014-7842)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-12-10 11:01:51 CET
Denial of service in amd64 register handling (CVE-2014-9090)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-12-16 07:01:22 CET
(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in amd64 register handling (CVE-2014-9090)

A different code path in fault handling allows privilege escalation (CVE-2014-9322)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-12-16 07:05:36 CET
(In reply to Moritz Muehlenhoff from comment #0)
> Denial of service in KVM (CVE-2014-7842)

This is already fixed in UCS 3.2; the patch was merged into 3.10.61, which ended up in http://errata.univention.de/ucs/3.2/242.html
Comment 4 Moritz Muehlenhoff univentionstaff 2014-12-16 07:49:18 CET
52-nfs-acl-null-pointer-deref.patch was removed; the patch was merged into 3.10.62.
Comment 5 Moritz Muehlenhoff univentionstaff 2014-12-16 07:50:11 CET
(In reply to Moritz Muehlenhoff from comment #0)
> These kernel issues are still unfixed in 3.10.x:
> 
> Insecure block handling (CVE-2012-4542)

No upstream fix is planned for this.
Comment 6 Moritz Muehlenhoff univentionstaff 2014-12-16 07:52:01 CET
The remaining open issues are now tracked as Bug 37353
Comment 7 Janek Walkenhorst univentionstaff 2014-12-16 18:50:57 CET
Tests: OK
Advisories: OK
univention-kernel-image for amd64 is still missing
Comment 8 Moritz Muehlenhoff univentionstaff 2014-12-17 10:09:31 CET
Fixed. I've updated to 3.10.62 and added the ext2/quota patch on top.

YAML files:  
2014-12-16-univention-kernel-image.yaml
2014-12-16-linux.yaml