Univention Bugzilla – Full Text Bug Listing

| Summary: | linux: Multiple security issues (4.2) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Philipp Hahn <hahn> |
| Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | normal | | |
| Priority: | P2 | CC: | birkefeld, damrose, gohmann, hahn, honzzze, requate, scheinig, stoeckigt |
| Version: | UCS 4.2 | | |
| Target Milestone: | UCS 4.2-3-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| URL: | https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html?m=1 | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | Yes |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | 2018010521000309 | Bug group (optional): | Security |
| Max CVSS v3 score: | 8.2 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N) | | |
| Bug Depends on: | | | |
| Bug Blocks: | 46188 | | |

Description
Philipp Hahn
2018-01-15 10:49:54 CET
r17967 | Bug #46029: linux-4.9.77

Package: linux
Version: 4.9.30-2A~4.2.0.201801171800
Branch: ucs_4.2-0
Scope: errata4.2-3

df63acc77c Bug #46029: Update to linux-4.9.77-ucs108

Package: univention-kernel-image-signed
Version: 3.0.2-12A~4.2.0.201801181650
Version: 3.0.2-13A~4.2.0.201801181701
Branch: ucs_4.2-0
Scope: errata4.2-3

71c1a0b71f Bug #46029: Update to linux-4.9.77-ucs108

Package: univention-kernel-image
Version: 10.0.0-11A~4.2.0.201801181659
Branch: ucs_4.2-0
Scope: errata4.2-3

repo-admin -U -p intel-microcode -d sid -r 4.2 -s errata4.2-3
build-package-ng -r 4.2 -s errata4.2-3 -p intel-microcode -b ~ucs4.2

Package: intel-microcode
Version: 3.20180108.1~ucs4.2A~4.2.0.201801181821
Branch: ucs_4.2-0
Scope: errata4.2-3

99f486c00c Bug #46029: linux -4.9.77 + intel-microcode
 doc/errata/staging/intel-microcode.yaml | 15 +++++++++++++++
 doc/errata/staging/linux.yaml | 16 ++++++++++++++++
 doc/errata/staging/univention-kernel-image-signed.yaml | 16 ++++++++++++++++
 doc/errata/staging/univention-kernel-image.yaml | 16 ++++++++++++++++

TODO: Compile again with patched gcc

r17973 | Bug #46029: linux-4.9.78

Package: linux
Version: 4.9.30-2A~4.2.0.201801250930
Branch: ucs_4.2-0-errata4.2-3
Scope: errata4.2-3

7944b7a084 Bug #46029: Update to linux-4.9.78-ucs108

Package: univention-kernel-image-signed
Version: 3.0.2-14A~4.2.0.201801251601
Branch: ucs_4.2-0
Scope: errata4.2-3

WIP: r17985 | Bug #46029: gcc-4.9 cpu: speculative execution branch target injection (CVE-2017-5715) [Spectre 2]
SKIP: intel-microcode - Intel recalled that update, waiting for new one
TODO: qemu, libvirt

d42541e27e Bug #46029: linux-4.9.78

OK: amd64 @ KVM + OVMF (UEFI-SB)
OK: amd64 @ KVM + SeaBIOS
OK: amd64 @ xen1
OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs107-amd64) <(./linux-dmesg-norm 4.9.0-ucs108-amd64)
OK: /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline

Bug #18000: Bug #46029: gcc-4.9 rename patch :-(

Package: gcc-4.9
Version: 4.9.2-10A~4.2.0.201801281259
Branch: ucs_4.2-0
Scope: errata4.2-3

ETA: 13h for i386 + 13h for amd64
TODO: After that rebuild Linux kernel again.

Package: linux
Version: 4.9.30-2A~4.2.0.201801290155
Branch: ucs_4.2-0
Scope: errata4.2-3

6f1cbc9a80 Bug #46029 kernel: Rebuild with new gcc-4.9 for retpoline

Package: univention-kernel-image-signed
Version: 3.0.2-15A~4.2.0.201801290947
Branch: ucs_4.2-0
Scope: errata4.2-3

abec58879c Bug #46029: gcc-4.9

QA:
OK: /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
OK: amd64 @ kvm with SeaBIOS
OK: amd64 @ kvm with OVMF-SecureBoot
OK: amd64 @ xen1

c847674176 Bug #46029: linux-4.9.78 YAML

Verified:
* Package update: Ok
* GenuineIntel dmesg:
> Spectre V2 mitigation: Mitigation: Full generic retpoline
* AuthenticAMD dmesg:
> Spectre V2 mitigation: Mitigation: Full AMD retpoline
> Spectre V2 mitigation: Filling RSB on context switch
* Secureboot: Ok
* Advisories: Ok

<http://errata.software-univention.de/ucs/4.2/267.html>
<http://errata.software-univention.de/ucs/4.2/268.html>
<http://errata.software-univention.de/ucs/4.2/269.html>
<http://errata.software-univention.de/ucs/4.2/270.html>

r18025 | Bug #46209: linux-4.9.84

Package: linux
Version: 4.9.30-2A~4.2.0.201802251630
Branch: ucs_4.2-0
Scope: errata4.2-3

c0a60a76b0 Bug #46029: Update to linux-4.9.84-ucs109

Package: univention-kernel-image-signed
Version: 3.0.2-19A~4.2.0.201802260839
Branch: ucs_4.2-0
Scope: errata4.2-3

f06a6b5c96 Bug #46029: Update to linux-4.9.84-ucs109 YAML
 doc/errata/staging/linux.yaml | 4 ++--
 doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++--
 doc/errata/staging/univention-kernel-image.yaml | 2 +-

OK: amd64 @ xen1
OK: amd64 @ kvm+SeaBIOS
OK: amd64 @ kvm+OVMF+Secure-Boot
OK: dmesg
OK: grep . /sys/devices/system/cpu/vulnerabilities/*

(In reply to Philipp Hahn from comment #10)
> r18025 | Bug #46209: linux-4.9.84

Wrong bug, correct is Bug #46209