Bug 933907 - (CVE-2015-4167) VUL-0: CVE-2015-4167: kernel: fs: udf: Check length of extended attributes to avoid oops
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/117315/
maint:released:sle10-sp3:62209
Reported: 2015-06-08 09:25 UTC by Marcus Meissner
Modified: 2016-02-08 14:54 UTC (History)
Found By: Security Response Team
Attachments
[PATCH 1/2] udf: Remove repeated loads of blocksize (2.83 KB, patch)
2015-06-17 09:28 UTC, Jan Kara
[PATCH 2/2] udf: Check length of extended attributes and allocation (1.26 KB, patch)
2015-06-17 09:28 UTC, Jan Kara
[PATCH 1/2 SLE10] udf: Remove repeated loads of blocksize (2.84 KB, patch)
2015-06-17 09:42 UTC, Jan Kara
[PATCH 2/2 SLE10] udf: Check length of extended attributes and allocation (1.29 KB, patch)
2015-06-17 09:43 UTC, Jan Kara

Description Marcus Meissner 2015-06-08 09:25:55 UTC
via oss-sec

http://seclists.org/oss-sec/2015/q2/624


    Linux kernel built with the UDF file system (CONFIG_UDF_FS) support is
    vulnerable to a crash. It could occur while fetching inode information from a
    corrupted/malicious udf file system image.

    An unprivileged user could use this flaw to crash the kernel resulting in
    DoS.

    Upstream fix:
    -------------
       -> https://git.kernel.org/linus/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0


Use CVE-2015-4167.
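
An added illustration (not part of this bug report, and not the kernel's or SUSE's patch) of the kind of check the fix title describes: length fields read from an untrusted filesystem image are validated against the block size before they are used as offsets. The structure, field names and header size are hypothetical simplifications, not the real UDF on-disk layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified inode header (NOT the real UDF layout): the
 * fixed part is followed in the same block by an extended-attribute area
 * and then an allocation-descriptor area. */
struct disk_inode_hdr {
    uint32_t len_eattr;  /* length of extended attributes, read from disk */
    uint32_t len_alloc;  /* length of allocation descriptors, from disk */
};
#define HDR_SIZE ((uint32_t)sizeof(struct disk_inode_hdr))

enum { INODE_OK = 0, INODE_CORRUPT = -1 };

/* Reject the inode unless header + EAs + descriptors end inside the block.
 * Written with subtraction so attacker-chosen lengths cannot wrap a sum. */
int check_inode_lengths(const struct disk_inode_hdr *h, uint32_t blocksize)
{
    uint32_t room;

    if (blocksize < HDR_SIZE)
        return INODE_CORRUPT;
    room = blocksize - HDR_SIZE;
    if (h->len_eattr > room)
        return INODE_CORRUPT;
    if (h->len_alloc > room - h->len_eattr)
        return INODE_CORRUPT;
    return INODE_OK;
}

/* Offset of the allocation descriptors within the block, or -1 when the
 * lengths are inconsistent and the caller must fail the inode read. */
long alloc_desc_offset(const struct disk_inode_hdr *h, uint32_t blocksize)
{
    if (check_inode_lengths(h, blocksize) != INODE_OK)
        return -1;
    return (long)HDR_SIZE + (long)h->len_eattr;
}

int main(void)
{
    /* Constructed sample values, 2048-byte block. */
    struct disk_inode_hdr good = { 100, 200 };
    struct disk_inode_hdr wrap = { 0xFFFFFFF0u, 0x20u }; /* naive 32-bit sum wraps */

    printf("good: %ld\n", alloc_desc_offset(&good, 2048));
    printf("wrap: %ld\n", alloc_desc_offset(&wrap, 2048));
    return 0;
}
```
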
Comment 1 Marcus Meissner 2015-06-08 12:57:08 UTC
oops by inserting cdrom
Comment 2 Swamp Workflow Management 2015-06-08 22:01:00 UTC
bugbot adjusting priority
Comment 3 Jan Kara 2015-06-17 09:24:20 UTC
Pushed the fix to SLE12, SLE11-SP3, SLE11-SP1-LTSS, SLES10-SP4-LTSS, openSUSE-13.1, and openSUSE-13.2 branches.

Sorry Michal, it isn't easy to push the fix to CVE branches as it depends on other UDF fixes which were committed earlier and are not in the CVE branches. You'll have to pick up the change directly from respective SLE branches.

I'll attach here the patches for reference.
Comment 4 Jan Kara 2015-06-17 09:28:11 UTC
Created attachment 638161 [details]
[PATCH 1/2] udf: Remove repeated loads of blocksize
Comment 5 Jan Kara 2015-06-17 09:28:58 UTC
Created attachment 638163 [details]
[PATCH 2/2] udf: Check length of extended attributes and allocation
Comment 6 Jan Kara 2015-06-17 09:34:25 UTC
The above patches are actually the version from the openSUSE-13.2 branch. The openSUSE-13.1, SLE12, SLE11-SP3, and SLE11-SP1-LTSS branches needed a refresh due to small context differences, but I guess there's no point in attaching them all here.
Comment 7 Jan Kara 2015-06-17 09:42:51 UTC
Created attachment 638168 [details]
[PATCH 1/2 SLE10] udf: Remove repeated loads of blocksize

Version for SLES10-SP4-LTSS branch
Comment 8 Jan Kara 2015-06-17 09:43:31 UTC
Created attachment 638169 [details]
[PATCH 2/2 SLE10] udf: Check length of extended attributes and allocation

Version for SLES10-SP4-LTSS
Comment 9 Jan Kara 2015-06-17 09:44:27 UTC
All is done from my side, reassigning to security team for further handling.
Comment 10 Michal Hocko 2015-06-17 13:09:29 UTC
(In reply to Jan Kara from comment #3)
> Pushed the fix to SLE12, SLE11-SP3, SLE11-SP1-LTSS, SLES10-SP4-LTSS,
> openSUSE-13.1, and openSUSE-13.2 branches.
> 
> Sorry Michal, it isn't easy to push the fix to CVE branches as it depends on
> other UDF fixes which were committed earlier and are not in the CVE
> branches. You'll have to pick up the change directly from respective SLE
> branches.

No problem at all. Cherry-picked from respective branches to SLES10-SP3-TD, SLE11-SP1-TD and SLE11-SP3-TD
Comment 11 Swamp Workflow Management 2015-07-10 14:10:47 UTC
SUSE-SU-2015:1224-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 915517,919007,922583,923908,927355,929525,929647,930786,933429,933896,933904,933907,935705,936831
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11-SP3-TERADATA (src):    kernel-source-3.0.101-57.TDC.2, kernel-syms-3.0.101-57.TDC.2
Comment 13 Swamp Workflow Management 2015-07-14 09:05:09 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-07-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62208
Comment 16 Swamp Workflow Management 2015-07-31 08:21:55 UTC
SUSE-SU-2015:1324-1: An update that solves 11 vulnerabilities and has 63 fixes is now available.

Category: security (important)
Bug References: 854817,854824,858727,866911,867362,895814,903279,907092,908491,915183,917630,918618,921430,924071,924526,926369,926953,927455,927697,927786,928131,929475,929696,929879,929974,930092,930399,930579,930599,930972,931124,931403,931538,931620,931860,931988,932348,932793,932897,932898,932899,932900,932967,933117,933429,933637,933896,933904,933907,934160,935083,935085,935088,935174,935542,935881,935918,936012,936423,936445,936446,936502,936556,936831,936875,937032,937087,937609,937612,937613,937616,938022,938023,938024
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1805,CVE-2015-3212,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-5364,CVE-2015-5366
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.44-52.10.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.44-52.10.3, kernel-obs-build-3.12.44-52.10.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.44-52.10.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_6-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1
Comment 17 Swamp Workflow Management 2015-09-22 08:19:39 UTC
SUSE-SU-2015:1592-1: An update that solves 14 vulnerabilities and has 45 fixes is now available.

Category: security (important)
Bug References: 851068,867362,873385,883380,886785,894936,915517,917830,919463,920110,920250,920733,921430,923245,924701,925705,925881,925903,926240,926953,927355,927786,929142,929143,930092,930761,930934,931538,932348,932458,933429,933896,933904,933907,933936,934742,934944,935053,935572,935705,935866,935906,936077,936423,936637,936831,936875,936925,937032,937402,937444,937503,937641,937855,939910,939994,940338,940398,942350
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1, kernel-source-rt-3.0.101.rt130-0.33.40.1, kernel-syms-rt-3.0.101.rt130-0.33.40.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1
Comment 18 Swamp Workflow Management 2015-10-05 15:21:04 UTC
SUSE-SU-2015:1678-1: An update that solves 15 vulnerabilities and has 67 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917830,917968,919463,920016,920110,920250,920733,921430,923002,923245,923431,924701,925705,925881,925903,926240,926953,927355,928988,929076,929142,929143,930092,930934,931620,932350,932458,932882,933429,933721,933896,933904,933907,933936,934944,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-65.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
Comment 19 Marcus Meissner 2016-01-22 08:12:01 UTC
Released, although I did not see 11-sp3.
Comment 21 Swamp Workflow Management 2016-02-01 15:19:37 UTC
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1