Bug 49364 - linux: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.3
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.3-4-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2019-04-29 07:57 CEST by Quality Assurance
Modified: 2019-05-02 12:35 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.8 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Description Quality Assurance univentionstaff 2019-04-29 07:57:38 CEST
New Debian linux 4.9.168-1 fixes:
This update addresses the following issues:
* Information Exposure through dmesg data from a "software IO TLB" printk call (CVE-2018-5953)
* use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
* nfs: use-after-free in svc_process_common() (CVE-2018-16884)
* Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)
* oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)
* usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)
* Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
* Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
* Missing check in net/can/gw.c:can_can_gw_rcv() allows for crash by users with CAP_NET_ADMIN (CVE-2019-3701)
* infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read() (CVE-2019-3819)
* KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
* KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)
* KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)
* memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
* lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)
* hwpoison implementation in mm/memory-failure.c leads to denial of service (CVE-2019-10124)
Comment 1 Quality Assurance univentionstaff 2019-04-30 10:43:10 CEST
--- mirror/ftp/4.3/unmaintained/4.3-4/source/univention-kernel-image_11.0.1-11A~4.3.0.201812211117.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/univention-kernel-image_11.0.1-12A~4.3.0.201904301019.dsc
@@ -1,6 +1,10 @@
-11.0.1-11A~4.3.0.201812211117 [Fri, 21 Dec 2018 11:17:14 +0100] Univention builddaemon <buildd@univention.de>:
+11.0.1-12A~4.3.0.201904301019 [Tue, 30 Apr 2019 10:19:46 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
+
+11.0.1-12 [Tue, 30 Apr 2019 10:16:32 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #49364: Update to linux-4.9.0-9
 
 11.0.1-11 [Thu, 20 Dec 2018 16:31:02 +0100] Philipp Hahn <hahn@univention.de>:
 
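Review bot: The new 11.0.1-12 entry names only the kernel ABI ("Update to linux-4.9.0-9") and gives no hint that this is a security update, while the bug description refers to Debian linux 4.9.168-1 and the signed package's entry for the same bug uses that version string. Suggest naming both the ABI and the Debian version in the entry so the two changelogs can be matched against each other and against the errata text.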

<http://10.200.17.11/4.3-4/#7323101353368736309>
Comment 2 Quality Assurance univentionstaff 2019-04-30 10:43:13 CEST
--- mirror/ftp/4.3/unmaintained/4.3-4/source/univention-kernel-image-signed_4.0.0-10A~4.3.0.201902270914.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/univention-kernel-image-signed_4.0.0-11A~4.3.0.201904300918.dsc
@@ -1,6 +1,10 @@
-4.0.0-10A~4.3.0.201902270914 [Wed, 27 Feb 2019 09:14:39 +0100] Univention builddaemon <buildd@univention.de>:
+4.0.0-11A~4.3.0.201904300918 [Tue, 30 Apr 2019 09:18:28 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
+
+4.0.0-11 [Tue, 30 Apr 2019 09:02:54 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #49364: Update to linux-4.9.168-1
 
 4.0.0-10 [Wed, 27 Feb 2019 09:07:51 +0100] Philipp Hahn <hahn@univention.de>:
 
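Review bot: The 4.0.0-11 entry ("Update to linux-4.9.168-1") does not say which signed image the package now ships. The commits listed in Comment 3 add vmlinuz-4.9.0-9-amd64.efi.signed and remove vmlinuz-4.9.0-8-amd64.efi.signed, and for a Secure Boot package that swap is the change a later audit will look for; suggest stating the ABI of the signed image in the changelog entry.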

<http://10.200.17.11/4.3-4/#7323101353368736309>
Comment 3 Philipp Hahn univentionstaff 2019-04-30 10:43:46 CEST
[4.3-4] e0f6926564 Bug #49364: Update to linux-4.9.168-1
 .../univention-kernel-image-signed/debian/changelog   |   6 ++++++
 kernel/univention-kernel-image-signed/debian/control  |  10 +++++-----
 .../vmlinuz-4.9.0-9-amd64.efi.signed                  | Bin 0 -> 4249200 bytes
 3 files changed, 11 insertions(+), 5 deletions(-)

[4.3-4] 47b4028717 Bug #49364: Update to linux-4.9.168-1 2
 .../univention-kernel-image-signed/debian/copyright   |   2 +-
 kernel/univention-kernel-image-signed/debian/rules    |   2 +-
 .../vmlinuz-4.9.0-8-amd64.efi.signed                  | Bin 4245104 -> 0 bytes
 3 files changed, 2 insertions(+), 2 deletions(-)

Package: univention-kernel-image-signed
Version: 4.0.0-11A~4.3.0.201904300918
Branch: ucs_4.3-0
Scope: errata4.3-4

[4.3-4] fda1f4c4bb Bug #49364: Update to linux-4.9.0-9
 kernel/univention-kernel-image/debian/changelog                     | 6 ++++++
 kernel/univention-kernel-image/debian/copyright                     | 2 +-
 kernel/univention-kernel-image/debian/rules                         | 4 ++--
 .../debian/univention-kernel-image.postinst.in                      | 2 +-
 kernel/univention-kernel-image/ucs-reboot-required                  | 2 +-
 5 files changed, 11 insertions(+), 5 deletions(-)

Package: univention-kernel-image
Version: 11.0.1-12A~4.3.0.201904301019
Branch: ucs_4.3-0
Scope: errata4.3-4

[4.3-4] 1fb83ad3a1 Bug #49364: linux 4.9.168-1
 doc/errata/staging/linux.yaml                      |  4 +-
 .../staging/univention-kernel-image-signed.yaml    | 58 ++++++++++++++++++++++
 doc/errata/staging/univention-kernel-image.yaml    | 58 ++++++++++++++++++++++
 3 files changed, 119 insertions(+), 1 deletion(-)
Comment 4 Philipp Hahn univentionstaff 2019-04-30 12:19:18 CEST
OK: apt install univention-kernel-image=11.0.1-12A~4.3.0.201904301019
OK: uname -a
OK: dmesg
OK: amd64 @ kvm + BIOS
OK: amd64 @ kvm + OVMF + SB
OK: cat /sys/kernel/security/securelevel ; echo
OK: i386 @ kvm
OK: amd64 @ lynx5