Errata overview
Errata ID 481
Date 2020-03-11
Source package linux
Fixed in version 4.9.210-1
Description
This updates the Linux kernel to version 4.9.210, which addresses (among
others) the following security issues:
* NULL pointer dereference in lookup_slow function (CVE-2018-13093)
* NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)
* Use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)
* Use-after-free can be caused by the function rsi_mac80211_detach in the
  file drivers/net/wireless/rsi/rsi_91x_mac80211.c (CVE-2018-21008)
* Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software
  driver before version 21.10 may allow an unauthenticated user to
  potentially enable denial of service via adjacent access. (CVE-2019-0136)
* A use-after-free in binder.c allows an elevation of privilege from an
  application to the Linux Kernel. No user interaction is required to exploit
  this vulnerability, however exploitation does require either the
  installation of a malicious local application or a separate vulnerability
  in a network facing application. (CVE-2019-2215)
* CIFS: Relative paths injection in directory entry lists (CVE-2019-10220)
* NULL pointer dereference in dlpar_parse_cc_property in
  arch/powerpc/platforms/pseries/dlpar.c causing denial of service
  (CVE-2019-12614)
* Intel graphics card information leak. (CVE-2019-14615)
* Heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver
  leading to DoS (CVE-2019-14814)
* Heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver
  leading to DoS (CVE-2019-14815)
* Heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
  (CVE-2019-14816)
* Heap-based buffer overflow in mwifiex_process_country_ie() function in
  drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
* Heap-based buffer overflow in lbs_ibss_join_existing function in
  drivers/net/wireless/marvell/libertas/cfg.c (CVE-2019-14896)
* Stack-based buffer overflow in add_ie_rates function in
  drivers/net/wireless/marvell/libertas/cfg.c (CVE-2019-14897)
* Heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
* PowerPC: local user can read vector registers of other users' processes via
  a Facility Unavailable exception (CVE-2019-15030)
* A NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads
  to a crash (CVE-2019-15098)
* NULL pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
  (CVE-2019-15217)
* NULL pointer dereference in the flexcop_usb_probe function in
  drivers/media/usb/b2c2/flexcop-usb.c (CVE-2019-15291)
* Out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
  (CVE-2019-15505)
* Use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)
* Buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)
* Unprivileged users able to create RAW sockets in the AF_AX25 network
  protocol. (CVE-2019-17052)
* Unprivileged users able to create RAW sockets in AF_IEEE802154 network
  protocol. (CVE-2019-17053)
* Privilege escalation in atalk_create in net/appletalk/ddp.c in the
  AF_APPLETALK network module (CVE-2019-17054)
* Unprivileged users able to create RAW sockets in AF_ISDN network protocol.
  (CVE-2019-17055)
* Unprivileged access to llcp_sock_create in net/nfc/llcp_sock.c in the
  AF_NFC socket type. (CVE-2019-17056)
* Denial of service in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c
  (CVE-2019-17075)
* Buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
  (CVE-2019-17133)
* rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux
  kernel lacks a certain upper-bound check, leading to a buffer overflow
  (CVE-2019-17666)
* The flow_dissector feature allows device tracking (CVE-2019-18282)
* (PowerPC) incomplete Spectre-RSB mitigation leads to information exposure
  (CVE-2019-18660)
* Race condition in
  vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(),
  sdr_cap_stop_streaming() (CVE-2019-18683)
* Memory leak in ql_alloc_large_buffers() function in
  drivers/net/ethernet/qlogic/qla3xxx.c (CVE-2019-18806)
* Memory leak in af9005_identify_state() function in
  drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)
* NULL-pointer dereference in ext4_empty_dir in fs/ext4/namei.c
  (CVE-2019-19037)
* DoS in unittest_data_add() function in drivers/of/unittest.c
  (CVE-2019-19049)
* DoS in i2400m_op_rfkill_sw_toggle() function in
  drivers/net/wimax/i2400m/op-rfkill.c (CVE-2019-19051)
* DoS in gs_can_open() function in drivers/net/can/usb/gs_usb.c
  (CVE-2019-19052)
* A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in
  drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
  (CVE-2019-19056)
* Two memory leaks in the mwifiex_pcie_init_evt_ring() function in
  drivers/net/wireless/marvell/mwifiex/pcie.c allow for a DoS
  (CVE-2019-19057)
* A memory leak in the crypto_report() function in crypto/crypto_user_base.c
  allows for a DoS (CVE-2019-19062)
* Two memory leaks in the rtl_usb_probe() function in
  drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)
* A memory leak in the bfad_im_get_stats() function in
  drivers/scsi/bfa/bfad_attr.c allows for a DoS (CVE-2019-19066)
* A memory leak in the rtl8xxxu_submit_int_urb() function in
  drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS
  (CVE-2019-19068)
* In the AppleTalk subsystem in the Linux kernel before 5.1, there is a
  potential NULL pointer dereference because register_snap_client may return
  NULL. This will lead to denial of service in net/appletalk/aarp.c and
  net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka
  CID-9804501fa122. (CVE-2019-19227)
* kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)
* Mounting a crafted ext4 filesystem image, performing some operations, and
  unmounting can lead to a use-after-free in ext4_put_super in
  fs/ext4/super.c (CVE-2019-19447)
* Use-after-free caused by a malicious USB device in the
  drivers/usb/misc/adutux.c driver (CVE-2019-19523)
* A malicious USB device leads to use-after-free in the
  drivers/input/ff-memless.c driver (CVE-2019-19524)
* Malicious USB device leads to use-after-free in the
  drivers/net/ieee802154/atusb.c driver (CVE-2019-19525)
* Use-after-free caused by a malicious USB device in the
  drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)
* Use-after-free caused by a malicious USB device in the
  drivers/usb/class/cdc-acm.c driver (CVE-2019-19530)
* Use-after-free bug caused by a malicious USB device in the
  drivers/usb/misc/yurex.c driver leads to denial of service (CVE-2019-19531)
* Malicious USB devices can lead to multiple out-of-bounds writes
  (CVE-2019-19532)
* Information leak bug caused by a malicious USB device in the
  drivers/media/usb/ttusb-dec/ttusb_dec.c driver (CVE-2019-19533)
* Information leak bug caused by a malicious USB device in the
  drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
* Information leak bug caused by a malicious USB device in the
  drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (CVE-2019-19535)
* Information leak bug caused by a malicious USB device in the
  drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (CVE-2019-19536)
* Race condition caused by a malicious USB device in the USB character device
  driver layer (CVE-2019-19537)
* Use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry
  related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)
* Uninitialized memory allocation in
  drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c leading to information
  leak (CVE-2019-19947)
* NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of
  mishandling of port disconnection during discovery (CVE-2019-19965)
* Memory leak in __feat_register_sp() in net/dccp/feat.c (CVE-2019-20096)
* In binder_thread_release of binder.c, there is a possible use after free
  due to a race condition. This could lead to local escalation of privilege
  with no additional execution privileges needed. (CVE-2020-0030)
Additional notes This is the 1st of three related updates.
CVE ID CVE-2018-13093
CVE-2018-13094
CVE-2018-20976
CVE-2018-21008
CVE-2019-0136
CVE-2019-2215
CVE-2019-10220
CVE-2019-12614
CVE-2019-14615
CVE-2019-14814
CVE-2019-14815
CVE-2019-14816
CVE-2019-14895
CVE-2019-14896
CVE-2019-14897
CVE-2019-14901
CVE-2019-15030
CVE-2019-15098
CVE-2019-15217
CVE-2019-15291
CVE-2019-15505
CVE-2019-15917
CVE-2019-16746
CVE-2019-17052
CVE-2019-17053
CVE-2019-17054
CVE-2019-17055
CVE-2019-17056
CVE-2019-17075
CVE-2019-17133
CVE-2019-17666
CVE-2019-18282
CVE-2019-18660
CVE-2019-18683
CVE-2019-18806
CVE-2019-18809
CVE-2019-19037
CVE-2019-19049
CVE-2019-19051
CVE-2019-19052
CVE-2019-19056
CVE-2019-19057
CVE-2019-19062
CVE-2019-19063
CVE-2019-19066
CVE-2019-19068
CVE-2019-19227
CVE-2019-19332
CVE-2019-19447
CVE-2019-19523
CVE-2019-19524
CVE-2019-19525
CVE-2019-19527
CVE-2019-19530
CVE-2019-19531
CVE-2019-19532
CVE-2019-19533
CVE-2019-19534
CVE-2019-19535
CVE-2019-19536
CVE-2019-19537
CVE-2019-19767
CVE-2019-19947
CVE-2019-19965
CVE-2019-20096
CVE-2020-0030
UCS Bug number #50870