Univention Bugzilla – Bug 50003
linux: Multiple issues (4.4)
Last modified: 2019-08-14 16:35:30 CEST
New Debian linux 4.9.168-1+deb9u5 fixes:

This update addresses the following issues:
* non-maskable interrupts triggerable by guests (xsa120) (CVE-2015-8553)
* Information Exposure through dmesg data from a "pages/cpu" printk call (CVE-2018-5995)
* race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
* Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)
* hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)
* denial of service vector through vfio DMA mappings (CVE-2019-3882)
* vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
* null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)
* net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)
* net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
* OOB writes in parse_hid_report_descriptor in drivers/input/tablet/gtco.c (CVE-2019-13631)
* denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648)
* integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)
* denial of service in drivers/block/floppy.c by setup_format_params division-by-zero (CVE-2019-14284)
--- mirror/ftp/4.4/unmaintained/component/4.4-1-errata/source/linux_4.9.168-1+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/linux_4.9.168-1+deb9u5.dsc 
@@ -1,3 +1,42 @@ +4.9.168-1+deb9u5 [Sun, 11 Aug 2019 15:53:40 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * [amd64] Add mitigation for Spectre v1 swapgs (CVE-2019-1125): + - cpufeatures: Sort feature word 7 + - speculation: Prepare entry code for Spectre v1 swapgs mitigations + - speculation: Enable Spectre v1 swapgs mitigations + - entry: Use JMP instead of JMPQ + - speculation/swapgs: Exclude ATOMs from speculation through SWAPGS + * [x86] xen/pciback: Don't disable PCI_COMMAND on PCI device reset. + (CVE-2015-8553) + - Add Breaks relation to incompatible qemu-system-x86 versions + * ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt + * percpu: stop printing kernel addresses (CVE-2018-5995) + * scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836) + * block: blk_init_allocated_queue() set q->fq as NULL in the fail case + (CVE-2018-20856) + * vfio/type1: Limit DMA mappings per container (CVE-2019-3882) + * Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207) + * siphash: add cryptographically secure PRF + * inet: switch IP ID generator to siphash (CVE-2019-10638, CVE-2019-10639) + * Input: gtco - bounds check collection indent level (CVE-2019-13631) + * [ppc64el] tm: Fix oops on sigreturn on systems without TM (CVE-2019-13648) + * floppy: fix div-by-zero in setup_format_params (CVE-2019-14284) + * floppy: fix out-of-bounds read in next_valid_format + * floppy: fix invalid pointer dereference in drive_name + * floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283) + * inet: Avoid ABI change for IP ID hash change + * vhost: Fix possible infinite loop (CVE-2019-3900): + - vhost-net: set packet weight of tx polling to 2 * vq size + - vhost_net: use packet weight for rx handler, too + - vhost_net: introduce vhost_exceeds_weight() + - vhost: introduce vhost_exceeds_weight() + - vhost_net: fix possible infinite loop + - vhost: scsi: add weight support + * vhost: Ignore ABI changes + * netfilter: 
ctnetlink: don't use conntrack/expect object addresses as id + * xen: let alloc_xenballooned_pages() fail if not enough memory free + * tcp: Clear sk_send_head after purging the write queue + 4.9.168-1+deb9u4 [Fri, 19 Jul 2019 13:41:00 +0200] Salvatore Bonaccorso <carnil@debian.org>: * ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272) <http://10.200.17.11/4.4-1/#51094133496162801>
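Review bot: the sub-entry "Add Breaks relation to incompatible qemu-system-x86 versions" under the xen/pciback change for CVE-2015-8553 gives no version bound, so a reader of this changelog cannot tell which installed qemu-system-x86 packages will conflict with the new kernel package. Suggest stating the bound in the entry itself, or in the erratum text, so that hosts with qemu-system-x86 installed can check for the conflict before upgrading. The same applies to a lesser degree to "vhost: Ignore ABI changes", which does not say which exported symbols changed.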
OK: apt install linux-image-4.9.0-9-amd64-signed=... linux-image-4.9.0-9-amd64=4.9...
OK: amd64 @ kvm + SeaBIOS
OK: amd64 @ kvm + OVMF + SB
OK: amd64 @ xen16
OK: cat /sys/kernel/security/securelevel ; echo
OK: i386 @ kvm
OK: uname -a
OK: dmesg + Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
OK: YAML
OK: announce-errata -V
<http://errata.software-univention.de/ucs/4.4/228.html> <http://errata.software-univention.de/ucs/4.4/229.html>