Univention Bugzilla – Bug 37143
linux: Multiple security issues (3.2)
Last modified: 2014-12-17 12:53:28 CET
These kernel issues are still unfixed in 3.10.x:

Insecure block handling (CVE-2012-4542)
Race condition in ext4 permission handling (CVE-2014-8086)
Denial of service in KVM instruction emulation (CVE-2014-3647)
Denial of service in VMX handling in KVM (CVE-2014-3645, CVE-2014-3646)
Denial of service in the VMX handling in KVM (CVE-2014-3690)
Denial of service in the dcache in the fs layer (CVE-2014-8559)
Denial of service in KVM (CVE-2014-7842)
Denial of service in amd64 register handling (CVE-2014-9090)
(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in amd64 register handling (CVE-2014-9090)
A different code path in fault handling allows privilege escalation (CVE-2014-9322)
(In reply to Moritz Muehlenhoff from comment #0)
> Denial of service in KVM (CVE-2014-7842)
This is already fixed in UCS 3.2; the patch was merged into 3.10.61, which ended up in http://errata.univention.de/ucs/3.2/242.html
52-nfs-acl-null-pointer-deref.patch was removed; the patch was merged into 3.10.62.
(In reply to Moritz Muehlenhoff from comment #0)
> These kernel issues are still unfixed in 3.10.x:
>
> Insecure block handling (CVE-2012-4542)
No upstream fix is planned for this.
The remaining open issues are now tracked as Bug 37353
Tests: OK
Advisories: OK
univention-kernel-image for amd64 is still missing
Fixed. I've updated to 3.10.62 and added the ext2/quota patch on top.
YAML files:
2014-12-16-univention-kernel-image.yaml
2014-12-16-linux.yaml
http://errata.univention.de/ucs/3.2/254.html
http://errata.univention.de/ucs/3.2/255.html