Bug 49377 - linux: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
P3 normal
UCS 4.4-0-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2019-04-29 08:32 CEST by Quality Assurance
Modified: 2019-05-02 13:22 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.8 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2019-04-29 08:32:27 CEST
New Debian linux 4.9.168-1 fixes:
This update addresses the following issues:
* Information Exposure through dmesg data from a "software IO TLB" printk call (CVE-2018-5953)
* use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
* nfs: use-after-free in svc_process_common() (CVE-2018-16884)
* Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)
* oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)
* usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)
* Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
* Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
* Missing check in net/can/gw.c:can_can_gw_rcv() allows for crash by users with CAP_NET_ADMIN (CVE-2019-3701)
* infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read() (CVE-2019-3819)
* KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
* KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)
* KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)
* memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
* lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)
* hwpoison implementation in mm/memory-failure.c leads to denial of service (CVE-2019-10124)
Comment 1 Quality Assurance univentionstaff 2019-04-30 11:24:05 CEST
--- mirror/ftp/4.4/unmaintained/4.4-0/source/univention-kernel-image_11.0.1-11A~4.3.0.201812211117.dsc
+++ apt/ucs_4.4-0-errata4.4-0/source/univention-kernel-image_12.0.0-2A~4.4.0.201904301055.dsc
@@ -1,14 +1,14 @@
-11.0.1-11A~4.3.0.201812211117 [Fri, 21 Dec 2018 11:17:14 +0100] Univention builddaemon <buildd@univention.de>:
+12.0.0-2A~4.4.0.201904301055 [Tue, 30 Apr 2019 10:55:50 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
 
-11.0.1-11 [Thu, 20 Dec 2018 16:31:02 +0100] Philipp Hahn <hahn@univention.de>:
+12.0.0-2 [Tue, 30 Apr 2019 10:16:32 +0200] Philipp Hahn <hahn@univention.de>:
 
-  * Bug #48349: Always update UCRV update/reboot/required
+  * Bug #49377: Update to linux-4.9.0-9
 
-11.0.1-10 [Thu, 20 Dec 2018 16:00:36 +0100] Philipp Hahn <hahn@univention.de>:
+12.0.0-1 [Fri, 14 Dec 2018 15:12:34 +0100] Philipp Hahn <hahn@univention.de>:
 
-  * Bug #48349: Update UCRV update/reboot/required
+  * Bug #48326: UCS-4.4-0 version bump
 
 11.0.1-9 [Tue, 21 Aug 2018 14:23:52 +0200] Philipp Hahn <hahn@univention.de>:
 
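Review bot: The removed 11.0.1-10 and 11.0.1-11 entries for Bug #48349 (UCRV update/reboot/required) have no counterpart in the new changelog, and 12.0.0-1 is dated 14 Dec 2018, before those entries were written on 20 Dec 2018. Please confirm that the Bug #48349 change is carried in the 12.0.0 line and, if it is, add a changelog entry for it so the 4.4 history does not lose it silently. Also, the 12.0.0-2 entry names the target as "linux-4.9.0-9" while the description of this bug gives the Debian version 4.9.168-1; stating the package version in the entry would make it easier to match against the list of fixed CVEs.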

<http://10.200.17.11/4.4-0/#2624132856450274179>
Comment 2 Quality Assurance univentionstaff 2019-04-30 11:24:07 CEST
--- mirror/ftp/4.4/unmaintained/4.4-0/source/univention-kernel-image-signed_4.0.0-10A~4.3.0.201902270914.dsc
+++ apt/ucs_4.4-0-errata4.4-0/source/univention-kernel-image-signed_5.0.0-2A~4.4.0.201904301047.dsc
@@ -1,10 +1,14 @@
-4.0.0-10A~4.3.0.201902270914 [Wed, 27 Feb 2019 09:14:39 +0100] Univention builddaemon <buildd@univention.de>:
+5.0.0-2A~4.4.0.201904301047 [Tue, 30 Apr 2019 10:47:38 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
 
-4.0.0-10 [Wed, 27 Feb 2019 09:07:51 +0100] Philipp Hahn <hahn@univention.de>:
+5.0.0-2 [Tue, 30 Apr 2019 09:02:54 +0200] Philipp Hahn <hahn@univention.de>:
 
-  * Bug #48782: Update to linux-4.9.144-3
+  * Bug #49364: Update to linux-4.9.168-1
+
+5.0.0-1 [Fri, 14 Dec 2018 15:12:34 +0100] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #48326: UCS-4.4-0 version bump
 
 4.0.0-9 [Mon, 19 Nov 2018 13:21:33 +0100] Philipp Hahn <hahn@univention.de>:
 
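Review bot: The new 5.0.0-2 entry cites Bug #49364 for the update to linux-4.9.168-1, while this report is Bug #49377 and the univention-kernel-image changelog cites #49377 for the same kernel update. If #49364 is a separate tracking bug, consider referencing #49377 in this entry as well, so the signed image can be traced back to the security erratum from its changelog alone. The dropped 4.0.0-10 entry (Bug #48782, linux-4.9.144-3) is superseded by this update, so it needs no replacement beyond a check that nothing else was bundled into that release.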

<http://10.200.17.11/4.4-0/#2624132856450274179>
Comment 3 Philipp Hahn univentionstaff 2019-04-30 11:24:46 CEST
[4.4-0] 0e31d50686 Bug #49364: Update to linux-4.9.168-1
 .../univention-kernel-image-signed/debian/changelog   |   6 ++++++
 kernel/univention-kernel-image-signed/debian/control  |  10 +++++-----
 .../vmlinuz-4.9.0-8-amd64.efi.signed                  | Bin 4236912 -> 0 bytes
 .../vmlinuz-4.9.0-9-amd64.efi.signed                  | Bin 0 -> 4249200 bytes
 4 files changed, 11 insertions(+), 5 deletions(-)

Package: univention-kernel-image-signed
Version: 5.0.0-2A~4.4.0.201904301047
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] eab2499697 Bug #49377: Update to linux-4.9.0-9
 kernel/univention-kernel-image-signed/debian/changelog | 2 +-
 kernel/univention-kernel-image/debian/changelog        | 6 ++++++
 kernel/univention-kernel-image/debian/rules            | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

[4.4-0] eb18188146 Bug #49377: Update to linux-4.9.0-9 2
 kernel/univention-kernel-image/debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Package: univention-kernel-image
Version: 12.0.0-2A~4.4.0.201904301055
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] 7829bcb4ce Bug #49377: linux 4.9.168-1
 doc/errata/staging/linux.yaml                      |  4 +-
 .../staging/univention-kernel-image-signed.yaml    | 58 ++++++++++++++++++++++
 doc/errata/staging/univention-kernel-image.yaml    | 58 ++++++++++++++++++++++
 3 files changed, 119 insertions(+), 1 deletion(-)

[4.4-0] 13a002f20d Bug #49377: univention-kernel-image 12.0.0-2A~4.4.0.201904301055
 doc/errata/staging/univention-kernel-image.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Philipp Hahn univentionstaff 2019-04-30 12:19:28 CEST
OK: apt install univention-kernel-image=12.0.0-2A~4.4.0.201904301055
OK: uname -a
OK: dmesg
OK: amd64 @ kvm + BIOS
OK: amd64 @ kvm + OVMF + SB
OK: cat /sys/kernel/security/securelevel ; echo
OK: i386 @ kvm
OK: amd64 @ xen1