Univention Bugzilla – Bug 51702
linux: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:36 CEST
New Debian linux 4.9.228-1 fixes:

This update addresses the following issues:
* l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)
* go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak (CVE-2019-20810)
* In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 (CVE-2020-0009)
* some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
* use-after-free in cdev_put() when a PTP device is removed while its chardev is open (CVE-2020-10690)
* Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)
* Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)
* Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)
* DoS via concurrent calls to dw_spi_irq and dw_spi_transfer_one functions in drivers/spi/spi-dw.c (CVE-2020-12769)
* possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)
* ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)
--- mirror/ftp/4.4/unmaintained/4.4-4/source/univention-kernel-image_12.0.0-4A~4.4.0.202002271621.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/univention-kernel-image_12.0.0-5A~4.4.0.202007231023.dsc @@ -1,6 +1,10 @@ -12.0.0-4A~4.4.0.202002271621 [Thu, 27 Feb 2020 16:21:28 +0100] Univention builddaemon <buildd@univention.de>: +12.0.0-5A~4.4.0.202007231023 [Thu, 23 Jul 2020 10:23:20 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +12.0.0-5 [Thu, 23 Jul 2020 10:18:25 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #51702: Update to linux-4.9.0-13 12.0.0-4 [Thu, 27 Feb 2020 16:20:13 +0100] Philipp Hahn <hahn@univention.de>: <http://10.200.17.11/4.4-5/#929156092278504870>
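Review bot: In the new 12.0.0-5 entry, "Update to linux-4.9.0-13" gives only the kernel ABI name, while the bug report names the update as Debian linux 4.9.228-1. Consider naming both in the entry, for example "Update to linux-4.9.0-13 (4.9.228-1)", so the changelog can be matched to the fixed source version without consulting the bug.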
--- mirror/ftp/4.4/unmaintained/4.4-5/source/univention-kernel-image-signed_5.0.0-11A~4.4.0.202006171143.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/univention-kernel-image-signed_5.0.0-12A~4.4.0.202007231029.dsc @@ -1,6 +1,10 @@ -5.0.0-11A~4.4.0.202006171143 [Wed, 17 Jun 2020 11:43:04 +0200] Univention builddaemon <buildd@univention.de>: +5.0.0-12A~4.4.0.202007231029 [Thu, 23 Jul 2020 10:29:58 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +5.0.0-12 [Thu, 23 Jul 2020 10:28:28 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #51702: Update to linux-4.9.228-1 5.0.0-11 [Wed, 17 Jun 2020 11:30:09 +0200] Philipp Hahn <hahn@univention.de>: <http://10.200.17.11/4.4-5/#929156092278504870>
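Review bot: The new 5.0.0-12 entry carries only "Bug #51702: Update to linux-4.9.228-1" and none of the CVE IDs the bug lists, so the security nature of the update cannot be seen from the package changelog alone. Consider adding the CVE IDs or a reference to the erratum to the entry.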
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
ABI change led to new package names

OK: apt install -t apt univention-kernel-image
OK: amd64 @ kvm + SeaBIOS
OK: amd64 @ kvm + OVMF + SB
OK: cat /sys/kernel/security/securelevel
OK: amd64 @ hdmi1
OK: i386 @ kvm
OK: uname -a
OK: dmesg -H
OK: ./linux-dmesg-norm -a

OK: YAML
OK: announce-errata -V

[4.4-5] cf73bb4b7e Bug #51702: linux 4.9.228-1
 doc/errata/staging/linux.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

[4.4-5] 71a30fbe7c Bug #51702: Update to linux-4.9.0-13
 doc/errata/staging/linux.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

[4.4-5] 8a454c2a41 Bug #51702: linux 4.9.228-1
 doc/errata/staging/linux.yaml | 50 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x680>
<https://errata.software-univention.de/#/?erratum=4.4x681>
<https://errata.software-univention.de/#/?erratum=4.4x682>