Univention Bugzilla – Bug 35397
linux: Multiple security issues (3.2)
Last modified: 2014-12-03 14:48:38 CET
These vulnerabilities are still unfixed in 3.10.x: Insecure block handling (CVE-2012-4542) Information leak in vhost-net zerocopy support (CVE-2014-0131) Information leak in skb_zerocopy (CVE-2014-2568) Denial of service in memory management (CVE-2014-4171) Denial of service in SCTP (CVE-2014-4667)
Denial of service in isofs (CVE-2014-5471, CVE-2014-5472) Denial of service in KVM (CVE-2014-3601) Incorrect reference counting the dealing with symlink in the VFS layer (CVE-2014-5045) Denial of service in SCTP (CVE-2014-5077)
Denial of service in the ceph cluster filesystem (CVE-2014-6416, CVE-2014-6417,CVE-2014-6418) Denial of service in the UDF filesystem (CVE-2014-6410) Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186)
Denial of service in CIFS (CVE-2014-7145) Denial of service in XFS (CVE-2014-7283)
(In reply to Moritz Muehlenhoff from comment #1) > Incorrect reference counting the dealing with symlink in the VFS layer > (CVE-2014-5045) This was introduced in 3.12, so 3.2 is not affected
These issues are fixed in 3.10.56: Information leak in skb_zerocopy (CVE-2014-2568) (3.10.51) Denial of service in memory management (CVE-2014-4171) (3.10.50) Denial of service in SCTP (CVE-2014-4667) (3.10.45) Denial of service in isofs (CVE-2014-5471, CVE-2014-5472) (3.10.54) Denial of service in KVM (CVE-2014-3601) (3.10.54) Denial of service in SCTP (CVE-2014-5077) (3.10.53) Denial of service in the ceph cluster filesystem (CVE-2014-6416, CVE-2014-6417,CVE-2014-6418) (3.10.55) Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186) (3.10.54 and 3.10.56) Denial of service in CIFS (CVE-2014-7145) (3.10.55) Denial of service in XFS (CVE-2014-7283) (3.10.39) These are still unfixed in 3.10.x: Insecure block handling (CVE-2012-4542) Information leak in vhost-net zerocopy support (CVE-2014-0131) Denial of service in the UDF filesystem (CVE-2014-6410)
Race condition in ext4 permission handling (CVE-2014-8086) Denial of service in the VFS layer when dealing with user namespaces (CVE-2014-7970, CVE-2014-7975)
Three denial of service vulnerabilities in SCTP (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688)
Denial of service in KVM instruction emulation (CVE-2014-3647) Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646) Race condition in PIT handler in KVM (CVE-2014-3611)
Denial of service in handling on MSR registers in KVM (CVE-2014-3610)
Please include <https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.10.y&id=c771cc33f93bac30415cdb6d4f9619261fbd1a9c> or update to at least v3.10.50 (git tag -l --contains c771cc33f93bac30415cdb6d4f9619261fbd1a9c). Ticket #2014103121000214
Denial of service in the VMX handling in KVM (CVE-2014-3690) Denial of service in the dcache in the fs layer (CVE-2014-8559)
Local denial of service in syscall perf profiling (CVE-2014-7825) Privilege escalation in ftrace syscall tracing (CVE-2014-7826) Denial of service in SCTP (CVE-2014-7841) Denial of service in KVM (CVE-2014-7842) Buffer overflow in ttusb-dec (CVE-2014-8884)
These issues are fixed in 3.10.61: Information leak in vhost-net zerocopy support (CVE-2014-0131) (3.10.46) Information leak in skb_zerocopy (CVE-2014-2568) (3.10.51) Denial of service in memory management (CVE-2014-4171) (3.10.50) Denial of service in SCTP (CVE-2014-4667) (3.10.45) Denial of service in isofs (CVE-2014-5471, CVE-2014-5472) (3.10.54) Denial of service in KVM (CVE-2014-3601) (3.10.54) Denial of service in SCTP (CVE-2014-5077) (3.10.53) Denial of service in the ceph cluster filesystem (CVE-2014-6416, CVE-2014-6417,CVE-2014-6418) (3.10.55) Privilege escalation in special HID drivers (CVE-2014-3181, CVE-2014-3182, CVE-2014-3183, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186) (3.10.54 and 3.10.56) Denial of service in CIFS (CVE-2014-7145) (3.10.55) Denial of service in XFS (CVE-2014-7283) (3.10.39) Denial of service in the UDF filesystem (CVE-2014-6410) (3.10.57) Denial of service in the VFS layer when dealing with user namespaces (CVE-2014-7970, CVE-2014-7975) (3.10.59 and 3.10.60) Three denial of service vulnerabilities in SCTP (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688) (3.10.61) Race condition in PIT handler in KVM (CVE-2014-3611) (3.10.60) Denial of service in handling on MSR registers in KVM (CVE-2014-3610) (3.10.60) Local denial of service in syscall perf profiling (CVE-2014-7825) (3.10.60) Privilege escalation in ftrace syscall tracing (CVE-2014-7826) (3.10.60) Denial of service in SCTP (CVE-2014-7841) (3.10.61) Buffer overflow in ttusb-dec (CVE-2014-8884) (3.10.61) These are still unfixed in 3.10.x: Insecure block handling (CVE-2012-4542) Race condition in ext4 permission handling (CVE-2014-8086) Denial of service in KVM instruction emulation (CVE-2014-3647) Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646) Denial of service in the VMX handling in KVM (CVE-2014-3690) Denial of service in the dcache in the fs layer (CVE-2014-8559) Denial of service in KVM (CVE-2014-7842)
These patches have been dropped while updating to 3.10.61: 51-CVE-2014-4699.patch -> The patch was merged into 3.10.47 52-CVE-2014-4943.patch -> The patch was merged into 3.10.52 53-kvm-div0.patch -> The patch was merged into 3.10.56
Tests with both the amd64 and i386 version on hardware (xen5/6) and in KVM were successful. I've also successfully installed a base system in KVM on i386 and amd64. YAML files: 2014-12-01-linux.yaml 2014-12-01-univention-kernel-image.yaml
(In reply to Moritz Muehlenhoff from comment #13) > These are still unfixed in 3.10.x: > > Insecure block handling (CVE-2012-4542) > Race condition in ext4 permission handling (CVE-2014-8086) > Denial of service in KVM instruction emulation (CVE-2014-3647) > Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646) > Denial of service in the VMX handling in KVM (CVE-2014-3690) > Denial of service in the dcache in the fs layer (CVE-2014-8559) > Denial of service in KVM (CVE-2014-7842) -> Bug 37143 has been created for these
OK: i386 KVM OK: amd64 KVM OK: amd64 xen12 OK: amd64 xen2=xen OK: uname -r # 3.10.0-ucs107-amd64 OK: /usr/share/doc/linux-image-3.10.0-ucs107-amd64/changelog.Debian.gz 50-xen-netback-track-device-mapping OK: nm /lib/modules/3.10.0-ucs107-amd64/kernel/drivers/net/xen-netback/xen-netback.ko | grep t_rings 52-nfs-acl-null-pointer-deref OK: objdump -t /lib/modules/3.10.0-ucs107-amd64/kernel/fs/nfsd/nfsd.ko | grep set_nfsv4_acl_one OK: aptitude install univention-kernel-image univention-kernel-headers OK: announce_errata -V 2014-12-01-linux.yaml OK: announce_errata -V 2014-12-01-univention-kernel-image.yaml OK: less 2014-12-01-linux.yaml 2014-12-01-univention-kernel-image.yaml (In reply to Moritz Muehlenhoff from comment #14) > 51-CVE-2014-4699.patch -> The patch was merged into 3.10.47 > 52-CVE-2014-4943.patch -> The patch was merged into 3.10.52 > 53-kvm-div0.patch -> The patch was merged into 3.10.56 OK (In reply to Moritz Muehlenhoff from comment #16) > (In reply to Moritz Muehlenhoff from comment #13) > > These are still unfixed in 3.10.x: ... > -> Bug 37143 has been created for these OK
http://errata.univention.de/ucs/3.2/242.html http://errata.univention.de/ucs/3.2/243.html