Univention Bugzilla – Bug 34751
linux: Multiple security issues (3.2)
Last modified: 2014-07-08 16:12:19 CEST
These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.38:
Denial of Service in RDS (CVE-2012-2372) (3.10.27)
Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
Denial of service in selinux (CVE-2014-1874) (3.10.31)
Denial of service in CIFS (CVE-2014-0069) (3.10.33)
IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
SCTP denial of service (CVE-2014-0101) (3.10.34)
Local denial of service in rds (CVE-2013-7339) (3.10.27)
Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
Denial of service in RDS (CVE-2014-2678) (3.10.37)
Denial of service in mac80211 (CVE-2014-2706) (3.10.34)

These vulnerabilities are still unfixed:
Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Information leak in skb_zerocopy (CVE-2014-2568)
Denial of service in the ath9k driver (CVE-2014-2672)

Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145)
Local denial of service in memory management (CVE-2014-3122)
Insufficient access checks on netlink sockets (CVE-2014-0181)
Insufficient access checks on ping sockets (CVE-2014-2851)
Denial of service in KVM (CVE-2014-0155) (Only affects UCS 3.2)
The patches have been applied and I've verified that they are effective. All tests went fine. The meta package has been updated to install the new kernel. Errata: 2014-06-05-univention-kernel-image.yaml 2014-06-05-linux.yaml
We'll fix these later.
Missing check during hugepage migration (CVE-2014-3940)
Denial of service in audit system (CVE-2014-3917)
Incorrect permission checks in inode_capable() (CVE-2014-4014)
These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.42:
Denial of Service in RDS (CVE-2012-2372) (3.10.27)
Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
Denial of service in selinux (CVE-2014-1874) (3.10.31)
Denial of service in CIFS (CVE-2014-0069) (3.10.33)
IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
SCTP denial of service (CVE-2014-0101) (3.10.34)
Local denial of service in rds (CVE-2013-7339) (3.10.27)
Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
Denial of service in RDS (CVE-2014-2678) (3.10.37)
Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
Local denial of service in memory management (CVE-2014-3122) (3.10.39)
Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
Denial of service in KVM (CVE-2014-0155) (3.10.40)

These vulnerabilities are still unfixed in 3.10.x:
Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Insufficient access checks on netlink sockets (CVE-2014-0181)
Information leak in skb_zerocopy (CVE-2014-2568)
Missing check during hugepage migration (CVE-2014-3940)
Denial of service in audit system (CVE-2014-3917)
Incorrect permission checks in inode_capable() (CVE-2014-4014)

Information leak in ioctl media_enum_entities() (CVE-2014-1739) (normal device permissions should prevent exploitation)
These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.44:
Denial of Service in RDS (CVE-2012-2372) (3.10.27)
Local denial of service in rds (CVE-2013-7339) (3.10.27)
Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
Denial of service in CIFS (CVE-2014-0069) (3.10.33)
SCTP denial of service (CVE-2014-0101) (3.10.34)
Denial of service in KVM (CVE-2014-0155) (3.10.40)
Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
Information leak in ioctl media_enum_entities() (CVE-2014-1739) (3.10.42)
Denial of service in selinux (CVE-2014-1874) (3.10.31)
IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
Denial of service in RDS (CVE-2014-2678) (3.10.37)
Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
Local denial of service in memory management (CVE-2014-3122) (3.10.39)
Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
Denial of service in audit system (CVE-2014-3917) (3.10.44)
Incorrect permission checks in inode_capable() (CVE-2014-4014) (3.10.44)

These vulnerabilities are still unfixed in 3.10.x:
Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Insufficient access checks on netlink sockets (CVE-2014-0181)
Information leak in skb_zerocopy (CVE-2014-2568)
Missing check during hugepage migration (CVE-2014-3940)
Information leak in rc backend of target SCSI (CVE-2014-4027)

Integer overflow when processing lz4 compressed kernel images (CVE-2014-4608)
Various information disclosure, use-after-frees and integer overflows in ALSA user controls (CVE-2014-4656, CVE-2014-4655, CVE-2014-4654, CVE-2014-4653, CVE-2014-4652)
Denial of service in the audit subsystem (CVE-2014-4508)
Denial of service in memory management (CVE-2014-4171)

Information disclosure in aio (CVE-2014-0206)
These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.45:
Denial of Service in RDS (CVE-2012-2372) (3.10.27)
Local denial of service in rds (CVE-2013-7339) (3.10.27)
Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
Denial of service in CIFS (CVE-2014-0069) (3.10.33)
SCTP denial of service (CVE-2014-0101) (3.10.34)
Denial of service in KVM (CVE-2014-0155) (3.10.40)
Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
Information leak in ioctl media_enum_entities() (CVE-2014-1739) (3.10.42)
Denial of service in selinux (CVE-2014-1874) (3.10.31)
IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
Denial of service in RDS (CVE-2014-2678) (3.10.37)
Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
Local denial of service in memory management (CVE-2014-3122) (3.10.39)
Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
Denial of service in audit system (CVE-2014-3917) (3.10.44)
Incorrect permission checks in inode_capable() (CVE-2014-4014) (3.10.44)
Insufficient access checks on netlink sockets (CVE-2014-0181)
Integer overflow when processing lz4 compressed kernel images (CVE-2014-4608)
Various information disclosure, use-after-frees and integer overflows in ALSA user controls (CVE-2014-4656, CVE-2014-4655, CVE-2014-4654, CVE-2014-4653, CVE-2014-4652)

These vulnerabilities are still unfixed in 3.10.x:
Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Information leak in skb_zerocopy (CVE-2014-2568)
Missing check during hugepage migration (CVE-2014-3940)
Information leak in rc backend of target SCSI (CVE-2014-4027)
Denial of service in the audit subsystem (CVE-2014-4508)
Denial of service in memory management (CVE-2014-4171)
Information disclosure in aio (CVE-2014-0206)
CVE-2014-3940 only affects 3.12 and later.

These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.45:
Denial of Service in RDS (CVE-2012-2372) (3.10.27)
Local denial of service in rds (CVE-2013-7339) (3.10.27)
Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
Denial of service in CIFS (CVE-2014-0069) (3.10.33)
SCTP denial of service (CVE-2014-0101) (3.10.34)
Denial of service in KVM (CVE-2014-0155) (3.10.40)
Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
Information leak in ioctl media_enum_entities() (CVE-2014-1739) (3.10.42)
Denial of service in selinux (CVE-2014-1874) (3.10.31)
IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
Denial of service in RDS (CVE-2014-2678) (3.10.37)
Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
Local denial of service in memory management (CVE-2014-3122) (3.10.39)
Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
Denial of service in audit system (CVE-2014-3917) (3.10.44)
Incorrect permission checks in inode_capable() (CVE-2014-4014) (3.10.44)
Insufficient access checks on netlink sockets (CVE-2014-0181)
Integer overflow when processing lz4 compressed kernel images (CVE-2014-4608)
Various information disclosure, use-after-frees and integer overflows in ALSA user controls (CVE-2014-4656, CVE-2014-4655, CVE-2014-4654, CVE-2014-4653, CVE-2014-4652)
Information leak in rc backend of target SCSI (CVE-2014-4027) (3.10.46)
Denial of service in the audit subsystem (CVE-2014-4508) (3.10.46)
Information disclosure in aio (CVE-2014-0206) (3.10.46)

These vulnerabilities are still unfixed in 3.10.x:
Insecure block handling (CVE-2012-4542)
Information leak in vhost-net zerocopy support (CVE-2014-0131)
Information leak in skb_zerocopy (CVE-2014-2568)
Denial of service in memory management (CVE-2014-4171)
(In reply to Moritz Muehlenhoff from comment #13)
>> These vulnerabilities are still unfixed in 3.10.x:

Bug 35226 has been created for these.
The kernel package has been updated to 3.10.46 and the meta package has been updated to the new release. Tests on hardware with i386 and amd64 were successful. YAML files: 2014-07-01-linux.yaml 2014-07-01-univention-kernel-image.yaml
New issue, which needs to be added to the upcoming update, reopening:

Missing input validation in the ptrace syscall allows privilege escalation (CVE-2014-4699) (This is limited to amd64)
(In reply to Moritz Muehlenhoff from comment #16)
> New issue, which needs to be added to the upcoming update, reopening:
>
> Missing input validation in the ptrace syscall allows privilege escalation
> (CVE-2014-4699) (This is limited to amd64)

A patch for this has been merged, built and tested. YAML files have been amended.
Tests (amd64, amd64kvm, i386kvm): OK
Advisories: OK
http://errata.univention.de/ucs/3.2/134.html
http://errata.univention.de/ucs/3.2/135.html