Univention Bugzilla – Bug 42727
linux: Multiple security issues (4.1)
Last modified: 2016-10-26 17:09:05 CEST
There are a couple of new issues reported for the Linux Kernel: * The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956) * privilege escalation via MAP_PRIVATE COW breakage (CVE-2016-5195) * The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. (CVE-2016-7042) * The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)
Of those http://dirtycow.ninja/ (CVE-2016-5195) currently has these metrics: CVSSv3 base score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3 base score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) i.e. it's locally exploitable (AV:L)
r16806 | Bug #42727: linux-4.1.34 for errata4.1-3 r16807 | Bug #42727: patch for CVE-2016-5195 Package: linux Version: 4.1.6-1.207.201610241620 Branch: ucs_4.1-0 Scope: errata4.1-3 r73520 | Bug #42727: Update to linux-4.1.34 plus patch for CVE-2016-5195 Package: univention-kernel-image Version: 9.0.0-12.113.201610242025 Branch: ucs_4.1-0 Scope: errata4.1-3 r73527 | Bug #42727: Update to linux-4.1.34-ucs207 r73530 | Bug #42727: Update dependency to ucs207 Package: univention-kernel-image-signed Version: 2.0.0-10.23.201610242026 Branch: ucs_4.1-0 Scope: errata4.1-3 r73512, r73528, r73531 | YAML files I've split off the remaining issues as Bug 42754.
OK: 4.1.0-ucs207-686-pae @ kvm OK: 4.1.0-ucs207-amd64 @ kvm OK: 4.1.0-ucs207-amd64 @ xen14 OK: diff dmesg OK: /usr/share/doc/linux-image-`uname -r`/changelog.Debian.gz 70_CVE-2016-5195 NOT-TESTED: UEFI-SB MISSING: Merge to UCS-4.1-4 OK: errata-announce -V --only linux.yaml OK: errata-announce -V --only univention-kernel-image-signed.yaml OK: errata-announce -V --only univention-kernel-image.yaml OK: linux.yaml univention-kernel-image-signed.yaml univention-kernel-image.yaml
> MISSING: Merge to UCS-4.1-4 Ok, merged in svn and copied the packages to the ucs4.1-4 apt repository.
<http://errata.software-univention.de/ucs/4.1/314.html> <http://errata.software-univention.de/ucs/4.1/315.html> <http://errata.software-univention.de/ucs/4.1/316.html>