Errata ID | 352 |
---|---|
Date | 2015-08-21 |
Source package | univention-kernel-image |
Fixed in version | 7.0.0-20.77.201508190548 |
Description | This erratum updates the Linux kernel in UCS 3.2 to 3.10.87. Among several further bugfixes, this resolves multiple security issues: * Xen did not properly restrict access to PCI command registers (CVE-2015-2150) * The InfiniBand (IB) implementation did not properly restrict use of User Verbs for registration of memory regions (CVE-2014-8159) * Incorrect implementation of SYSENTER emulation (CVE-2015-0239) * iptables doesn't handle SCTP rules unless the SCTP module is loaded (CVE-2014-8160) * ext4 denial of service (CVE-2014-7822) * The pipe implementation did not properly consider the side effects of failed in atomic calls (CVE-2015-1805) * The Btrfs implementation did not ensure that the visible xattr state is consistent with a requested replacement (CVE-2014-9710) * TCP Fast Open local DoS (CVE-2015-3332) * Privilege escalation via ping sockets due to use-after-free (CVE-2015-3636) * Linux UDP checksum DoS (CVE-2015-5364) * Linux UDP checksum DoS EAGAIN part (CVE-2015-5366) * Linux mishandles int80 fork from 64-bit tasks (CVE-2015-2830) * Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331) * Race condition in the prepare_binprm function in fs/exec.c allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (CVE-2015-3339) |
Additional notes | This is the second part of the fix, which provides the meta package. |
CVE ID | CVE-2015-2150 CVE-2014-8159 CVE-2015-0239 CVE-2014-8160 CVE-2014-7822 CVE-2015-1805 CVE-2014-9710 CVE-2015-3332 CVE-2015-3636 CVE-2015-5364 CVE-2015-5366 CVE-2015-2830 CVE-2015-3331 CVE-2015-3339 |
UCS Bug number | #38008 |