Bug 37143 – linux: Multiple security issues (3.2)

Bug 37143 - linux: Multiple security issues (3.2)


Summary:	linux: Multiple security issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P4 normal (vote)
Target Milestone:	UCS 3.2-4-errata
Assigned To:	Moritz Muehlenhoff
QA Contact:	Janek Walkenhorst

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-12-02 08:49 CET by Moritz Muehlenhoff
Modified:	2014-12-17 12:53 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2014-12-02 08:49:28 CET

These kernel issues are still unfixed in 3.10.x:

Insecure block handling (CVE-2012-4542)
Race condition in ext4 permission handling (CVE-2014-8086)
Denial of service in KVM instruction emulation (CVE-2014-3647)
Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
Denial of service in the VMX handling in KVM (CVE-2014-3690)
Denial of service in the dcache in the fs layer (CVE-2014-8559)
Denial of service in KVM (CVE-2014-7842)

Comment 1 Moritz Muehlenhoff

2014-12-10 11:01:51 CET

Denial of service in amd64 register handling (CVE-2014-9090)

Comment 2 Moritz Muehlenhoff

2014-12-16 07:01:22 CET

(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in amd64 register handling (CVE-2014-9090)

A different code path in fault handling allows privilege escalation (CVE-2014-9322)

Comment 3 Moritz Muehlenhoff

2014-12-16 07:05:36 CET

(In reply to Moritz Muehlenhoff from comment #0)
> Denial of service in KVM (CVE-2014-7842)

This is already fixed in UCS 3.2; the patch was merged into 3.10.61, which ended up in http://errata.univention.de/ucs/3.2/242.html

Comment 4 Moritz Muehlenhoff

2014-12-16 07:49:18 CET

52-nfs-acl-null-pointer-deref.patch was removed; the patch was merged into 3.10.62.

Comment 5 Moritz Muehlenhoff

2014-12-16 07:50:11 CET

(In reply to Moritz Muehlenhoff from comment #0)
> These kernel issues are still unfixed in 3.10.x:
> 
> Insecure block handling (CVE-2012-4542)

No upstream fix is planned for this.

Comment 6 Moritz Muehlenhoff

2014-12-16 07:52:01 CET

The remaining open issues are now tracked as Bug 37353

Comment 7 Janek Walkenhorst

2014-12-16 18:50:57 CET

Tests: OK
Advisories: OK
univention-kernel-image for amd64 is still missing

Comment 8 Moritz Muehlenhoff

2014-12-17 10:09:31 CET

Fixed. I've updated to 3.10.62 and added the ext2/quota patch on top.

YAML files:  
2014-12-16-univention-kernel-image.yaml
2014-12-16-linux.yaml

Comment 9 Moritz Muehlenhoff

2014-12-17 12:53:28 CET

http://errata.univention.de/ucs/3.2/254.html
http://errata.univention.de/ucs/3.2/255.html