Univention Bugzilla – Full Text Bug Listing |
Summary: | linux: Multiple security issues (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Moritz Muehlenhoff <jmm> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Moritz Muehlenhoff
2014-11-24 14:00:18 CET
Denial of service in amd64 register handling (CVE-2014-9090) (In reply to Moritz Muehlenhoff from comment #1) > Denial of service in amd64 register handling (CVE-2014-9090) A different code path in fault handling allows privilege escalation (CVE-2014-9322) For now we will add the 3.16.x stable kernel updates instead of updating to a more recent version of the "linux" source package in Debian. The later versions contain some packaging changes like a rename of the 486 flavour and most of the other changes are not relevant for UCS: - Many changes only affect armhf, ppc64, mips, hppa or arm64 - Backports/bugfixes with desktop focus (e.g. Apple Thunderbolt backport, iwlwifi, DRM) - Xen Netback changes were backported (UCS 4.0 no longer supports Xen Dom0) - Backport r8723au (only a staging driver) Three issues remain unfixed, they have been moved to Bug 37385 The kernel has been updated to 3.16.7-ckt2 with additional fixes for CVE-2014-9090/CVE-2014-9322. The new kernel has been signed by Janek. Tests on hardware (installing a basesystem in KVM) and as a KVM guest were successful. YAML files: 2014-12-18-linux.yaml and 2014-12-18-univention-kernel-image.yaml Tests (KVM, UEFI, SecureBoot): OK Advisories: 2014-12-18-linux.yaml: OK 2014-12-18-univention-kernel-image.yaml: OK 2014-12-18-univention-kernel-image-signed.yaml: OK |