Univention Bugzilla – Full Text Bug Listing |
Summary: | linux: Multiple security issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | major | ||
Priority: | P1 | CC: | best, gohmann, hahn, scheinig, stoeckigt, walkenhorst |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?h=linux-4.1.y | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | Yes | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 42754 |
Description
Arvid Requate
2016-10-21 12:26:29 CEST
Of those http://dirtycow.ninja/ (CVE-2016-5195) currently has these metrics: CVSSv3 base score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3 base score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) i.e. it's locally exploitable (AV:L) r16806 | Bug #42727: linux-4.1.34 for errata4.1-3 r16807 | Bug #42727: patch for CVE-2016-5195 Package: linux Version: 4.1.6-1.207.201610241620 Branch: ucs_4.1-0 Scope: errata4.1-3 r73520 | Bug #42727: Update to linux-4.1.34 plus patch for CVE-2016-5195 Package: univention-kernel-image Version: 9.0.0-12.113.201610242025 Branch: ucs_4.1-0 Scope: errata4.1-3 r73527 | Bug #42727: Update to linux-4.1.34-ucs207 r73530 | Bug #42727: Update dependency to ucs207 Package: univention-kernel-image-signed Version: 2.0.0-10.23.201610242026 Branch: ucs_4.1-0 Scope: errata4.1-3 r73512, r73528, r73531 | YAML files I've split off the remaining issues as Bug 42754. OK: 4.1.0-ucs207-686-pae @ kvm OK: 4.1.0-ucs207-amd64 @ kvm OK: 4.1.0-ucs207-amd64 @ xen14 OK: diff dmesg OK: /usr/share/doc/linux-image-`uname -r`/changelog.Debian.gz 70_CVE-2016-5195 NOT-TESTED: UEFI-SB MISSING: Merge to UCS-4.1-4 OK: errata-announce -V --only linux.yaml OK: errata-announce -V --only univention-kernel-image-signed.yaml OK: errata-announce -V --only univention-kernel-image.yaml OK: linux.yaml univention-kernel-image-signed.yaml univention-kernel-image.yaml > MISSING: Merge to UCS-4.1-4
Ok, merged in svn and copied the packages to the ucs4.1-4 apt repository.
|