Univention Bugzilla – Full Text Bug Listing

Summary: | linux: Multiple security issues (3.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Moritz Muehlenhoff <jmm> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P4 | ||
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Description
Moritz Muehlenhoff
2014-12-02 08:49:28 CET
Denial of service in amd64 register handling (CVE-2014-9090)

(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in amd64 register handling (CVE-2014-9090)

A different code path in fault handling allows privilege escalation (CVE-2014-9322)

(In reply to Moritz Muehlenhoff from comment #0)
> Denial of service in KVM (CVE-2014-7842)

This is already fixed in UCS 3.2; the patch was merged into 3.10.61, which ended up in http://errata.univention.de/ucs/3.2/242.html

52-nfs-acl-null-pointer-deref.patch was removed; the patch was merged into 3.10.62.

(In reply to Moritz Muehlenhoff from comment #0)
> These kernel issues are still unfixed in 3.10.x:
>
> Insecure block handling (CVE-2012-4542)

No upstream fix is planned for this.

The remaining open issues are now tracked as Bug 37353

Tests: OK
Advisories: OK

univention-kernel-image for amd64 is still missing

Fixed.

I've updated to 3.10.62 and added the ext2/quota patch on top.

YAML files:
2014-12-16-univention-kernel-image.yaml
2014-12-16-linux.yaml