Univention Bugzilla – Full Text Bug Listing |
Summary: | linux: Multiple security issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
Severity: | normal | ||
Priority: | P5 | CC: | damrose, gohmann, hahn |
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://hutten.knut.univention.de/mediawiki/index.php/Arvid_memo/Security/Kernel#UCS_4.2 | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | Yes | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2017091521000331 | Bug group (optional): | Security |
Max CVSS v3 score: | 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | ||
Bug Depends on: | 45471 | ||
Bug Blocks: | 45981 |
Description
Arvid Requate
2017-08-22 15:06:47 CEST
CVE-2017-1000253 - load_elf_binary does not allocate sufficient space r17678 | Bug #45242: linux-4.9.51 r17679 | Bug #45242: linux-4.9.52 r17680 | Bug #45242: linux-4.9.52 ucs105 Package: linux Version: 4.9.30-2A~4.2.0.201709271647 Version: 4.9.30-2A~4.2.0.201709271649 Branch: ucs_4.2-0 Scope: errata4.2-2 OK diff <(linux-dmesg-norm 4.9.0-ucs104-amd64) <(linux-dmesg-norm 4.9.0-ucs105-amd64) 110,112c110,112 < 1 Freeing SMP alternatives memory: `SIZE` (`ADDR` - `ADDR`) < 1 Freeing initrd memory: `SIZE` (`ADDR` - `ADDR`) < 3 Freeing unused kernel memory: `SIZE` (`ADDR` - `ADDR`) --- > 1 Freeing SMP alternatives memory: `SIZE` > 1 Freeing initrd memory: `SIZE` > 3 Freeing unused kernel memory: `SIZE` b562d89aa69d | Bug #45242: Update to linux-4.9.52-ucs105 a76294c178af | Bug #45242: Re-add lost entry from errata4.2-0 Package: univention-kernel-image-signed Version: 3.0.2-6A~4.2.0.201709281352 Branch: ucs_4.2-0 Scope: errata4.2-2 6e21d4b743 | Bug #45242: Update to linux-4.9.52-ucs105 Package: univention-kernel-image Version: 10.0.0-8A~4.2.0.201709281400 Branch: ucs_4.2-0 Scope: errata4.2-2 As our EV Cert expired "Sep 20 12:00:00 2017 GMT", we need to build a new shim and grub, too. 8b60c503a3 Bug #45242: linux-4.9.52 yaml Probably need backport of "v4.13-rc3~16^2~2^2~1" = "xen-blkfront: fix mq start/stop race" for Ticket#2017091521000331 If we do, we should request an official backport into stable/4.9.y, too. Additional issued fixed in 52..56: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.53 CVE-2017-12154: kvm: nVMX: Don't allow L2 to access the hardware CR8 CVE-2017-1000252: KVM: VMX: Do not BUG() on out-of-bounds guest IRQ CVE-2017-12153: nl80211: check for the required netlink attributes presence https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.54 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.55 CVE-2017-7518: KVM: x86: fix singlestepping over syscall CVE-2017-0786: brcmfmac: add length check in brcmf_cfg80211_escan_handler() CVE-2017-1000255: powerpc/64s: Use emergency stack for kernel TM Bad Thing program checks https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.56 cd linux && git log v4.9.52..v4.9.56 | grep --only '[0-9a-f]\{40\}' | sort -u > /tmp/linux49 cd kernel-sec && find -type f -exec grep -F -f /tmp/linux49 {} + CVE-2017-12192: NULL pointer dereference due to KEYCTL_READ on negative key CVE-2017-14156: atyfb_ioctl stack memory leak CVE-2017-14489: scsi: nlmsg not properly parsed in iscsi_if_rx function CVE-2017-14991: scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE r17682 | Bug #45242: linux-4.9.56 Package: linux Version: 4.9.30-2A~4.2.0.201710161640 Branch: ucs_4.2-0 Scope: errata4.2-2 QA: amd64@kvm OK QA: amd64@lynx OK QA: dmesg OK TODO: UEFI blocked by Bug #45471 TBD: 4.9.56+xen-patch sill crashes on Xen (Ticket#2017091521000331) r17688 | Bug #45242: linux-4.9.60 r17689 | Bug #45242: Fix broken patch Package: linux Version: 4.9.30-2A~4.2.0.201711031638 Branch: ucs_4.2-0 Scope: errata4.2-2 yaml: 54a4842f11, fc2c49296a univention-kernel-image-signed: 20de78ecf1 Package: univention-kernel-image-signed Version: 3.0.2-6A~4.2.0.201711071050 Branch: ucs_4.2-0 Scope: errata4.2-2 OK: amd64 @ kvm OK: amd64 @ xen1 diff <(linux-dmesg-norm /tmp/4.9.0-ucs104-amd64) <(linux-dmesg-norm /tmp/4.9.0-ucs105-amd64) FYI: 4.9.61 is WIP and ETA November 8-9th FYI: Ticket#2017091521000331 remains unfixed r17712 | Bug #45242: linux-4.9.63 dropped xen specific patch as it did not fix the issue Package: linux Version: 4.9.30-2A~4.2.0.201711191221 Branch: ucs_4.2-0 Scope: errata4.2-2 TODO: univention-kernel-image-signed 3ab109b6bb Bug #45242: Update to linux-4.9.63-ucs105 b229c8b156 Bug #45242: Resign linux-4.9.63-ucs105 with old key Package: univention-kernel-image-signed Version: 3.0.2-7A~4.2.0.201711210922 Version: 3.0.2-8A~4.2.0.201711211125 Branch: ucs_4.2-0 Scope: errata4.2-2 91728fcd7c Bug #45242: Resign linux-4.9.63-ucs105 with old key YAML 941f3911cb Bug #45242: linux-4.9.63 YAML 4.9.64 is scheduled for Tue Nov 21 14:35:13 UTC 2017, which has additional fixes: CVE-2017-16537: media: imon: Fix null-ptr-deref in imon_probe CVE-2017-16646: media: dib0700: fix invalid dvb_detach argument OK: zless /usr/share/doc/linux-image-`uname -r`/changelog.Debian.gz OK: diff <(linux-dmesg-norm 4.9.0-ucs104-amd64) <(linux-dmesg-norm 4.9.0-ucs105-amd64) OK: amd64 @ kvm OK: amd64 @ xen1 OK: amd64 UEFI SB @ kvm r17717 | Bug #45242: linux-4.9.64 Package: linux Version: 4.9.30-2A~4.2.0.201711211801 Branch: ucs_4.2-0 Scope: errata4.2-2 aaf363642b Bug #45242: Update to linux-4.9.63-ucs105 Package: univention-kernel-image-signed Version: 3.0.2-9A~4.2.0.201711220905 Branch: ucs_4.2-0 Scope: errata4.2-2 OK: zless /usr/share/doc/linux-image-`uname -r`/changelog.Debian.gz OK: diff <(linux-dmesg-norm 4.9.0-ucs104-amd64) <(linux-dmesg-norm 4.9.0-ucs105-amd64) OK: amd64 @ kvm OK: amd64 @ xen1 OK: amd64 UEFI SB @ kvm OK: 4.9.64 (univention-kernel-image-signed Changelog says .63 erroneously but has the correct signed image) OK: Kernel update and boot OK: Booting with new kernel on updated UCS installation, using the 'UEFI System' OK~: I moved the yaml files to 4.2-3, adjusted the version and added an ignore statement for the source scope of the built packages Verified Retagged to 4.2-2-errata <http://errata.software-univention.de/ucs/4.2/229.html> <http://errata.software-univention.de/ucs/4.2/230.html> <http://errata.software-univention.de/ucs/4.2/231.html> (In reply to Arvid Requate from comment #17) > <http://errata.software-univention.de/ucs/4.2/229.html> An error happened during the release process and univention-kernel-image-signed was announced twice also as <http://errata.software-univention.de/ucs/4.2/228.html> |