Univention Bugzilla – Full Text Bug Listing

| Summary: | linux: Multiple security issues (3.2) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
| Component: | Security updates | Assignee: | Arvid Requate <requate> |
| Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
| Severity: | normal | Priority: | P5 |
| Version: | UCS 3.2 | CC: | requate, stoeckigt |
| Target Milestone: | UCS 3.2-8-errata | Hardware: | Other |
| OS: | Linux | Bug Blocks: | 41314 |
| URL: | http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?h=linux-3.10.y | | |
| Attachments: | ucs40-linux-debian-patches.txt | | |
Description
Stefan Gohmann
2015-08-18 06:42:40 CEST
This is also an open issue:

* Denial of service in KVM instruction emulation (CVE-2014-3647)

These issues have been fixed with Bug 38008:

> * Linux mishandles int80 fork from 64-bit tasks (CVE-2015-2830)
> * Buffer overruns in Linux kernel RFC4106 implementation using AESNI
>   (CVE-2015-3331)
> * chown() was racy relative to execve() (CVE-2015-3339)

These issues are fixed in v3.10.94:

* It is possible to escape from bind mounts (CVE-2015-2925)
* SCTP race condition allows list corruption and panic from userlevel (CVE-2015-3212)
* udf: Check length of extended attributes and allocation descriptors (CVE-2015-4167)
* Crafted BPF filters may crash kernel during JIT optimisation (CVE-2015-4700)
* virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
* USB: whiteheat: fix potential null-deref at probe (CVE-2015-5257)
* Creating multiple sockets when SCTP module isn't loaded leads to kernel panic (CVE-2015-5283)
* RDS: verify the underlying transport exists before creating a connection (CVE-2015-6937)
* ipc: Initialize msg/shm IPC objects before doing ipc_addid() (CVE-2015-7613)

Created attachment 7422: ucs40-linux-debian-patches.txt

The Debian jessie kernel 3.16 package used in UCS 4.0 (Bug #38764) contains patches for additional issues (see attached list):

CVE-2013-4312 CVE-2013-7446 CVE-2015-1333 CVE-2015-3290 CVE-2015-4692 CVE-2015-5156 CVE-2015-5257 CVE-2015-5283 CVE-2015-5307 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5706 CVE-2015-5707 CVE-2015-6252 CVE-2015-6937 CVE-2015-7513 CVE-2015-7550 CVE-2015-7566 CVE-2015-7613 CVE-2015-7799 CVE-2015-7833 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8374 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8709 CVE-2015-8767 CVE-2016-0723 CVE-2016-0728

According to the git commit IDs v3.10.96 fixes:

CVE-2013-4312 CVE-2013-7446 CVE-2015-7550 CVE-2015-7799 CVE-2015-7872 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2016-0728

I imported the git tag diffs from v3.10.87 up to and including v3.10.96 and applied them as debian/patches.

* Tested on KVM (i386 and amd64) and hardware (amd and intel)
* dmesg shows no significant diff between 3.10.0-ucs139 and 3.10.0-ucs168
* usb storage mount ok
* KVM virtualization of a windows 7 amd64 (virtio) ok
* Xen virtualization of a windows 7 amd64 (gplpv) ok
* ucs-test-samba4 ok

Advisories: linux.yaml and univention-kernel-image.yaml

Tests are OK so far, but the culprit of the UCS 4.1 kernel bug #40558 is also merged in this version.

unix: properly account for FDs passed over unix sockets
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=df87da0783c4492b944badfea9d5c3c56b834697

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.96

->REOPEN

Ok, I could reproduce it with make test samba3.raw.composite, but only with the tests built from samba git (samba 4.5.0-pre...1), not with the samba-testsuite from ucs3.2-8.

I adjusted the patches like done for Bug 40558, which includes reverting the patch for CVE-2013-4312.

Advisories: univention-kernel-image.yaml, linux.yaml

3.10.0-ucs175

* OK - build with patches
* OK - samba test, amd64/i386 KVM
* OK - i386 kvm Hardware
* OK - win 8 installation
* OK - ucs 41 installation
* OK - amd64 xen Hardware
* OK - win 10 installation
* OK - ucs 41 installation
* OK - linux.yaml
* OK - univention-kernel-image.yaml