Errata ID | 135 |
---|---|
Date | 2014-07-08 |
Source package | univention-kernel-image |
Fixed in version | 7.0.0-13.54.201407080727 |
Description | The Linux kernel in Univention Corporate Server has been updated to 3.10.46. This provides many bug fixes and also addresses the following security vulnerabilities: * Denial of service in RDS * Buffer overflow in KVM * Denial of service in vhost_net * Denial of service in CIFS * SCTP denial of service * Denial of service in KVM * Local denial of service in FPU handling * Information leaks in hamradio network ioctl * Information leak in the Netfilter connection tracker for IRC * Information leak in the media_enum_entities() ioctl * Denial of service in SELinux * IPv6 routing denial of service * Denial of service in the ath9k driver * Denial of service in mac80211 * Insufficient access checks on ping sockets * Local denial of service in memory management * Out-of-bounds read in BPF filters * Denial of service in audit * Incorrect permission checks in inode_capable() * Insufficient access checks on netlink sockets * Integer overflow when processing lz4 compressed kernel images * Various information disclosure, use-after-frees and integer overflows in ALSA user controls * Privilege escalation in ptrace on amd64 In addition, a patch was integrated which fixes a kernel oops in the Xen netback driver. |
Additional notes | |
CVE ID | CVE-2012-2372 CVE-2013-7339 CVE-2014-0049 CVE-2014-0055 CVE-2014-0077 CVE-2014-0069 CVE-2014-0101 CVE-2014-0155 CVE-2014-1438 CVE-2014-1446 CVE-2014-2678 CVE-2014-1690 CVE-2014-1739 CVE-2014-1874 CVE-2014-2309 CVE-2014-2672 CVE-2014-2706 CVE-2014-2851 CVE-2014-3122 CVE-2014-3144 CVE-2014-3145 CVE-2014-3917 CVE-2014-4014 CVE-2014-0181 CVE-2014-4608 CVE-2014-4656 CVE-2014-4655 CVE-2014-4654 CVE-2014-4653 CVE-2014-4652 CVE-2014-4699 |
UCS Bug number | #34751 #35178 |