Bug 40481
| Summary: | linux: Multiple security issues (4.1) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | normal | ||
| Priority: | P2 | CC: | gohmann, jmm, requate, walkenhorst |
| Version: | UCS 4.1 | Flags: | requate:
Patch_Available+
|
| Target Milestone: | UCS 4.1-0-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| URL: | http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?h=linux-4.1.y | ||
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=40141 | ||
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | Security | |
| Max CVSS v3 score: | |||
|
Description
Arvid Requate
Upcoming patches which could be backported from Debian sid: * usb: serial: visor: fix crash on detecting device without write_urbs (CVE-2015-7566) * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723) https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=18e70e2c53ad469c01d7b99a33a84b54abfb3fed * unix: properly account for FDs passed over unix sockets (CVE-2013-4312) https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=f335c0cfcc1879a21f4acdad2c6860084bf271a2 https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=18b52b0baabd4729b293649cf49ad08323c9a069 * keyring ref leak in join_session_keyring() (CVE-2016-0728) https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=e9490659aaedd81d48f783c9df4852e2d16ee8e4 r15760 | Bug #40481: linux-4.1-16 Dropped 70_undo_netlink-replace-rhash_portid-with-bound.patch as it is fixed upstream. CVE-2016-0728 is included in linux-4.1.16 Package: linux Version: 4.1.6-1.167.201601252247 Branch: ucs_4.1-0-errata4.1-0 Scope: errata4.1-0 r66969 | Bug #40481 kernel: Update to linux-4.1.16 r66968 | Bug #40481 kernel: Copyright 2016 r66967 | Bug #40481 kernel: Update to linux-4.1.16 Package: univention-kernel-image Version: 9.0.0-6.85.201601261412 Branch: ucs_4.1-0 Scope: errata4.1-0 Package: univention-kernel-image-signed Version: 2.0.0-4.13.201601261420 Branch: ucs_4.1-0 Scope: errata4.1-0 r66974 | Bug #40481 kernel: Update to linux-4.1.16 YAML linux.yaml univention-kernel-image-signed.yaml univention-kernel-image.yaml Verified: * Upstream patches 4.1.13, 4.1.14, 4.1.15, 4.1.16 have been merged below patches/linux/4.1-0-0-ucs/4.1.6-1-errata4.1-0 * 66_linux-4.1.13.patch contains a trivial additional patch to make patch-4.1.12-13 apply without adjustment * The patches for CVE-2013-4312, CVE-2015-7566 and CVE-2016-0723 are Ok too * errata4.1-0 build log shows patch application and success * univention-kernel-image: ABI and dependency updated to ucs167 * univention-kernel-image-signed: updated to ucs167 * Package-Update: Ok * Boot-Tests: Ok on: ** KVM i386 ** KVM amd64 ** UEFI hardware amd64 (USB Keyboard) * Bug 40059 is not reproducible (dual core hardware amd64) * KVM-Test: Ok (hardware amd64) * Advisories: Ok (listed CVEs match patches) |