Univention Bugzilla – Bug 45981
linux: Multiple security issues (4.2)
Last modified: 2018-01-11 13:35:48 CET
Kernel 4.9.75 rc1 is currently in upstream review:
* https://lkml.org/lkml/2018/1/3/660
* https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.9.y

We should pull the patches, once they are final.

Amongst other things, I assume Kernel 4.9.75 will provide fixes for:
* cpu: speculative execution permission faults handling (CVE-2017-5754)
* cpu: speculative execution bounds-check bypass (CVE-2017-5753)
* cpu: speculative execution branch target injection (CVE-2017-5715)
Debian package version 4.9.65-3+deb9u2 fixes CVE-2017-5754.
A customer already asked for a patch.
Might also require <https://tracker.debian.org/news/899110>

r17945 | Bug #45981: linux-4.9.75
Package: linux
Version: 4.9.30-2A~4.2.0.201801051733
Branch: ucs_4.2-0
Scope: errata4.2-3

OK: Kernel/User page tables isolation: enabled

ea72c9fc2d Bug #45981: Copyright 2018
8652283eff Bug #45981: Update to linux-4.9.75-ucs106

Package: univention-kernel-image-signed
Version: 3.0.2-10A~4.2.0.201801081343
Branch: ucs_4.2-0
Scope: errata4.2-3

9bfa217616 Bug #45981: Copyright 2018
70c631590a Bug #45981: Update to linux-4.9.75-ucs106

Package: univention-kernel-image
Version: 10.0.0-9A~4.2.0.201801081348
Branch: ucs_4.2-0
Scope: errata4.2-3

322ec43ed5 Bug #45981: linux-4.9.75

linux.yaml
univention-kernel-image-signed.yaml
univention-kernel-image.yaml

UNFIXED:
* cpu: speculative execution bounds-check bypass (CVE-2017-5753)
* cpu: speculative execution branch target injection (CVE-2017-5715)
FYI: As our build system was offline last weekend, the kernel was built on kiwik. The patches were hand-applied; I forgot to list 4.9.75 in debian/changelog, but it was applied as `dmesg` shows:
> Kernel/User page tables isolation: enabled
Again a customer asked for patches for UCS 4.1-5 kernel: 4.1.6-1.227.201706090945 (2017-06-09)
> Again a customer asked for patches for UCS 4.1-5 kernel: 4.1.6-1.227.201706090945 (2017-06-09)

This is the Bug for UCS 4.2; Bug 45243 is for the UCS 4.1 kernel.
* 4.9.65 - 4.9.75 Patches: ok
* Package update & reboot: ok
* dmesg message found "Kernel/User page tables isolation: enabled"
* UEFI Kernel boots: ok
* Advisories: ok
<http://errata.software-univention.de/ucs/4.2/257.html>
<http://errata.software-univention.de/ucs/4.2/258.html>
<http://errata.software-univention.de/ucs/4.2/259.html>