Bug 49020 - linux-4.9: Multiple issues (4.2)
Status: CLOSED DUPLICATE of bug 47905
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.2
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.2-5-errata
Assigned To: Philipp Hahn
Philipp Hahn
Depends on:
Blocks:
Reported: 2019-03-18 08:46 CET by Quality Assurance
Modified: 2019-03-25 17:02 CET (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 8.2 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2019-03-18 08:46:42 CET
New Debian linux-4.9 4.9.144-3.1~deb8u1A~4.2.5.201903180838 fixes:
This update of the Linux kernel to version 4.9.163 addresses the following
issues:
* Null pointer dereference in fs/f2fs/segment.c via mounting fs with noflush_merge option allows local denial of service (CVE-2017-18241)
* Race condition in fs/f2fs/node.c:add_free_nid() function allows local users to cause denial of service (CVE-2017-18249)
* cephx protocol is vulnerable to replay attack (CVE-2018-1128)
* cephx uses weak signatures (CVE-2018-1129)
* cpu: speculative store bypass (CVE-2018-3639)
* IP fragments with random offsets allow a remote denial of service (FragmentSmack) (CVE-2018-5391)
* buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* irda: Memory leak caused by repeated binds of irda socket (CVE-2018-6554)
* irda: use-after-free vulnerability in the hashbin list (CVE-2018-6555)
* Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
* Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755)
* Buffer overflow in hidp_process_report (CVE-2018-9363)
* Use-after-free in drivers/android/binder.c (CVE-2018-9465)
* HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516)
* use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
* stack-out-of-bounds write in ext4_update_inline_data function (CVE-2018-10880)
* stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
* MIDI driver race condition leads to a double-free (CVE-2018-10902)
* infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS (CVE-2018-10938)
* Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact (CVE-2018-11506)
* Integer overflow in kernel/time/posix-timers.c (CVE-2018-12896)
* Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)
* out-of-bounds memory access in fs/f2fs/super.c (CVE-2018-13096)
* divide-by-zero in fs/f2fs/super.c (CVE-2018-13097)
* out-of-bounds memory access in fs/f2fs/inline.c (CVE-2018-13099)
* divide-by-zero in fs/f2fs/super.c (CVE-2018-13100)
* Invalid pointer dereference in fs/btrfs/relocation.c:__del_reloc_root() when mounting crafted btrfs image (CVE-2018-14609)
* Out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image (CVE-2018-14610)
* Use-after-free in try_merge_free_space() when mounting crafted btrfs image (CVE-2018-14611)
* Invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image (CVE-2018-14612)
* Invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image (CVE-2018-14613)
* Out-of-bounds access in fs/f2fs/segment.c:__remove_dirty_segment() when mounting a crafted f2fs image (CVE-2018-14614)
* NULL pointer dereference in fs/crypto/crypto.c:fscrypt_do_page_crypto() when operating on a corrupted f2fs image (CVE-2018-14616)
* NULL pointer dereference in fs/hfsplus/dir.c:hfsplus_lookup() when operating on a file in a crafted hfs+ image (CVE-2018-14617)
* use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
* stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)
* a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (CVE-2018-14641)
* Uninitialized state in x86 PV failsafe callback path (XSA-274, CVE-2018-14678)
* net: xen: Linux netback driver OOB access in hash handling (XSA-270, CVE-2018-15471)
* hw: cpu: userspace-userspace spectreRSB attack (CVE-2018-15572)
* Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)
* incorrect bounds checking in yurex_read in drivers/usb/misc/yurex.c (CVE-2018-16276)
* Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)
* cleancache: Infoleak of deleted files after reuse of old inodes (CVE-2018-16862)
* nfs: use-after-free in svc_process_common() (CVE-2018-16884)
* Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation (CVE-2018-17182)
* Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)
* Privilege escalation on arm64 via KVM hypervisor (CVE-2018-18021)
* TLB flush happens too late on mremap (CVE-2018-18281)
* filesystem corruption due to an unchecked error condition during an xfs attribute change (CVE-2018-18690)
* Information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c (CVE-2018-18710)
* kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c (CVE-2018-19407)
* Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)
* oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)
* Mishandled size checks during the reading of an extra descriptor (CVE-2018-20169)
* Memory address exposure in drivers/net/appletalk/ipddp.c:ipddp_ioctl() by users with CAP_NET_ADMIN (CVE-2018-20511)
* Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* Missing check in net/can/gw.c:can_can_gw_rcv() allows for crash by users with CAP_NET_ADMIN (CVE-2019-3701)
* infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read() (CVE-2019-3819)
* fork: record start_time late (CVE-2019-6133)
* KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
* KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)
* KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)
* Memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
* Lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)
* Integer overflow in drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() allows for potential denial of service (CVE-2018-13406)
Comment 1 Philipp Hahn univentionstaff 2019-03-19 07:58:39 CET

*** This bug has been marked as a duplicate of bug 47905 ***