Univention Bugzilla – Bug 40481
linux: Multiple security issues (4.1)
Last modified: 2016-10-05 12:46:56 CEST
Upstream Linux Kernel 4.1.15 fixes a couple of security issues: * Use-after-free vulnerability in net/unix/af_unix.c allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (CVE-2013-7446) * virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156) * [x86] KVM: Intercept #AC to avoid guest->host denial-of-service (CVE-2015-5307) * RDS: verify the underlying transport exists before creating a connection (CVE-2015-6937) * RDS: fix race condition when sending a message on unbound socket (CVE-2015-7990) * fs/btrfs/inode.c mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action (CVE-2015-8374)
Upcoming patches which could be backported from Debian sid: * usb: serial: visor: fix crash on detecting device without write_urbs (CVE-2015-7566) * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723) https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=18e70e2c53ad469c01d7b99a33a84b54abfb3fed * unix: properly account for FDs passed over unix sockets (CVE-2013-4312) https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=f335c0cfcc1879a21f4acdad2c6860084bf271a2 https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=18b52b0baabd4729b293649cf49ad08323c9a069 * keyring ref leak in join_session_keyring() (CVE-2016-0728) https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=e9490659aaedd81d48f783c9df4852e2d16ee8e4
r15760 | Bug #40481: linux-4.1-16 Dropped 70_undo_netlink-replace-rhash_portid-with-bound.patch as it is fixed upstream. CVE-2016-0728 is included in linux-4.1.16
Package: linux Version: 4.1.6-1.167.201601252247 Branch: ucs_4.1-0-errata4.1-0 Scope: errata4.1-0 r66969 | Bug #40481 kernel: Update to linux-4.1.16 r66968 | Bug #40481 kernel: Copyright 2016 r66967 | Bug #40481 kernel: Update to linux-4.1.16 Package: univention-kernel-image Version: 9.0.0-6.85.201601261412 Branch: ucs_4.1-0 Scope: errata4.1-0 Package: univention-kernel-image-signed Version: 2.0.0-4.13.201601261420 Branch: ucs_4.1-0 Scope: errata4.1-0 r66974 | Bug #40481 kernel: Update to linux-4.1.16 YAML linux.yaml univention-kernel-image-signed.yaml univention-kernel-image.yaml
Verified: * Upstream patches 4.1.13, 4.1.14, 4.1.15, 4.1.16 have been merged below patches/linux/4.1-0-0-ucs/4.1.6-1-errata4.1-0 * 66_linux-4.1.13.patch contains a trivial additional patch to make patch-4.1.12-13 apply without adjustment * The patches for CVE-2013-4312, CVE-2015-7566 and CVE-2016-0723 are Ok too * errata4.1-0 build log shows patch application and success * univention-kernel-image: ABI and dependency updated to ucs167 * univention-kernel-image-signed: updated to ucs167 * Package-Update: Ok * Boot-Tests: Ok on: ** KVM i386 ** KVM amd64 ** UEFI hardware amd64 (USB Keyboard) * Bug 40059 is not reproducible (dual core hardware amd64) * KVM-Test: Ok (hardware amd64) * Advisories: Ok (listed CVEs match patches)
<http://errata.software-univention.de/ucs/4.1/73.html> <http://errata.software-univention.de/ucs/4.1/74.html> <http://errata.software-univention.de/ucs/4.1/75.html>