USN-2910-1 Linux kernel vulnerability


Severity

High

Vendor

Ubuntu

Versions Affected
  • Ubuntu 14.04
Description

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576)

halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575)

It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550)

郭永刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543)

Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569)

David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575)

It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785)

The Cloud Foundry project released a BOSH stemcell version 3146.9 that has the patched version of the Linux kernel.

Pivotal is releasing an updated version of Pivotal Cloud Foundry Suite which references this patched BOSH stemcell.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • All versions of Cloud Foundry BOSH stemcells prior to 3146.5 are vulnerable.
  • Pivotal Cloud Foundry Elastic Runtime pre-1.5.16 versions and 1.6.x versions prior to 1.6.17.
  • Pivotal Ops Manager pre-1.5.15 versions and 1.6.x versions prior to 1.6.11.
  • Pivotal MySQL pre-1.6.8 versions and 1.7.x versions prior to 1.7.5.
  • Pivotal Redis pre-1.4.20 versions and 1.5.x versions prior to 1.5.9.
  • Pivotal Gemfire SSC pre-1.1.0.7 versions and pre-1.1.10.0 versions.
  • Pivotal RabbitMQ pre-1.5.7 versions.
  • Pivotal Ops Metrics pre-1.4.14 versions and pre-1.6.8 versions.
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3146.9.
  • Pivotal recommends that customers upgrade to the 1.5.16 or later 1.5.x versions or the 1.6.17 or later versions of Pivotal Cloud Foundry Elastic Runtime.
  • 1.5.15 or later 1.5.x versions or the 1.6.8 or later versions of Pivotal Ops Manager.
  • 1.6.6 or later 1.6.x versions or the 1.7.3 or later versions of Pivotal MySQL.
  • 1.1.10.0 or later versions of Pivotal Gemfire SSC.
  • 1.4.20 or later 1.4.x versions and 1.5.9 or later versions of Pivotal Redis.
  • 1.5.7 or later versions of RabbitMQ.
  • The 1.4.14 or later 1.4.x versions or the 1.6.8 or later versions of Pivotal Ops Metrics.
Credit

halfdog, 郭永刚, Dmitry Vyukov, David Miller

References