Bug 36969 - linux: Multiple security issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
Importance: P3 normal
Target Milestone: UCS 4.0-0-errata
Assigned To: Moritz Muehlenhoff
QA Contact: Janek Walkenhorst
Reported: 2014-11-24 14:00 CET by Moritz Muehlenhoff
Modified: 2017-10-26 13:54 CEST

Description Moritz Muehlenhoff univentionstaff 2014-11-24 14:00:18 CET
The following vulnerabilities affect the 3.16.5 kernel in UCS 4.0:

Denial of service in handling of MSR registers in KVM (CVE-2014-3610)
Race condition in the PIT handler in KVM (CVE-2014-3611)
Denial of service in KVM instruction emulation (CVE-2014-3647)
Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
Three denial of service vulnerabilities in SCTP (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688)
Denial of service in the VMX handling in KVM (CVE-2014-3690)
Denial of service in the dcache in the fs layer (CVE-2014-8559)
Local denial of service in syscall perf profiling (CVE-2014-7825)
Privilege escalation in ftrace syscall tracing (CVE-2014-7826)
Denial of service in SCTP (CVE-2014-7841)
Denial of service in KVM (CVE-2014-7842)
Denial of service in VFS and user namespaces (CVE-2014-7970)
Denial of service in umount() and user namespaces (CVE-2014-7975)
Race condition in ext4 permission handling (CVE-2014-8086)
Buffer overflow in ttusb-dec (CVE-2014-8884)
User namespaces can bypass group-based restrictions (CVE-2014-8989)

UCS 3.2.x is not affected by CVE-2014-7970, CVE-2014-7975 and CVE-2014-8989; user namespaces are only usable starting with Linux 3.12.
Comment 1 Moritz Muehlenhoff univentionstaff 2014-12-10 11:02:01 CET
Denial of service in amd64 register handling (CVE-2014-9090)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-12-16 07:00:59 CET
(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in amd64 register handling (CVE-2014-9090)

A different code path in fault handling allows privilege escalation (CVE-2014-9322)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-12-16 10:52:56 CET
For now we will add the 3.16.x stable kernel updates instead of updating to a more
recent version of the "linux" source package in Debian. The later versions contain
some packaging changes like a rename of the 486 flavour and most of the other changes are not relevant for UCS:

- Many changes only affect armhf, ppc64, mips, hppa or arm64
- Backports/bugfixes with desktop focus (e.g. Apple Thunderbolt backport, iwlwifi, DRM)
- Xen Netback changes were backported (UCS 4.0 no longer supports Xen Dom0)
- Backport r8723au (only a staging driver)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-12-18 08:01:55 CET
Three issues remain unfixed; they have been moved to Bug 37385.
Comment 5 Moritz Muehlenhoff univentionstaff 2014-12-18 08:25:19 CET
The kernel has been updated to 3.16.7-ckt2 with additional fixes for CVE-2014-9090/CVE-2014-9322. The new kernel has been signed by Janek.

Tests on hardware (installing a basesystem in KVM) and as a KVM guest were successful.

YAML files: 2014-12-18-linux.yaml and 2014-12-18-univention-kernel-image.yaml
Comment 6 Janek Walkenhorst univentionstaff 2014-12-18 14:01:01 CET
Tests (KVM, UEFI, SecureBoot): OK
Advisories:
 2014-12-18-linux.yaml: OK
 2014-12-18-univention-kernel-image.yaml: OK
 2014-12-18-univention-kernel-image-signed.yaml: OK