Univention Bugzilla – Full Text Bug Listing |
Summary: | linux: Multiple security issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
Severity: | normal | ||
Priority: | P5 | CC: | damrose, gohmann, hahn, stoeckigt |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-5-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?h=linux-4.1.y | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=44706 | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | Yes | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2018010821000385 | Bug group (optional): | Security |
Max CVSS v3 score: | |||
Bug Depends on: | 45981, 46009 | ||
Bug Blocks: | 46188 |
Description
Arvid Requate
2017-08-22 15:18:32 CEST
We should update the UCS 4.1-5 Kernel to the one built for UCS 4.2 (Bug 45981). a customer asked for patches for UCS 4.1 r17960 | Bug #45243: Allow linux-4.9 kernel r17960 | Bug #45243: Compatibility to linux-4.1 kernel r17962 | Bug #45243: Allow linux-4.9 kernel Package: udev Version: 175-7.2.47.201801110908 Version: 175-7.2.49.201801111117 Version: 175-7.2.50.201801111212 Branch: ucs_4.1-0 Scope: errata4.1-5 r17959 | Bug #45243: Allow initramfs-tools_0.115~bpo from UCS-4.1 OK: amd64 @ kvm SeaBIOS OK: dmesg d49357b4ba Bug #45243: linux-4.9.76 linux.yaml udev.yaml univention-kernel-image-signed.yaml univention-kernel-image.yaml Verified: * Package update & reboot (virtualized and hardware): Ok * KVM-Host (guest: paravirt windows VM): Ok * Quick performance comparison: ldapsearch (read): No regression * Advisories: Ok Reopen: univention-upgrade does not upgrade automatically to the new kernel version in some cases While testing the errata announce: The package does not get automatically installed if xserver-xorg-input-vmmouse is installed (e.g. by KDE or system-setup cleanup was not successful) # apt-cache show linux-image-4.9.0-ucs107-amd64 Package: linux-image-4.9.0-ucs107-amd64 ... Breaks: initramfs-tools (<< 0.115~), xserver-xorg-input-vmmouse (<< 1:13.0.99) (In reply to Erik Damrose from comment #5) > Reopen: univention-upgrade does not upgrade automatically to the new kernel > version in some cases > > While testing the errata announce: The package does not get automatically > installed if xserver-xorg-input-vmmouse is installed (e.g. by KDE or > system-setup cleanup was not successful) > > # apt-cache show linux-image-4.9.0-ucs107-amd64 > Package: linux-image-4.9.0-ucs107-amd64 > ... > Breaks: initramfs-tools (<< 0.115~), xserver-xorg-input-vmmouse (<< > 1:13.0.99) r17963 | Bug #45243: Allow xserver-xorg-input-vmmouse from UCS-4.1 Packages modified manually in apt/ucs_4.2-0-errata4.2-3/ FYI: Xorg fails to load with "cirrus" in Qemu - known workaround is grep QEMU /proc/cpuinfo && ucr set repository/online/unmaintained=yes univention-install xserver-xorg-video-modesetting && rm -f /usr/lib/xorg/modules/drivers/cirrus_ && /etc/init.d/kdm retsrt Okay, package modified. Verified as discussed |