Date: Tue, 19 May 2020 22:17:42 +0200 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Owl kernel update Hi, In a recent discussion with Adam Zabrocki around LKRG and which exploits it prevents, he happened to reference a blog post series from late 2018 on exploiting CVE-2017-11176, and I realized that we didn't patch this vulnerability in Owl kernels. Oops. While Owl isn't actively supported anymore and hasn't been for some years, I am likely to get the really critical fixes like this in. So here goes, in Owl-current only for now: 2020/05/19 Package: kernel SECURITY FIX Severity: high, local, active Merged the most relevant fixes from RHEL5's -436, including for the following local vulnerabilities: use-after-free in sys_mq_notify() allowing for a local root compromise and container escape by any user (CVE-2017-11176), divide-by-zero in __tcp_select_window() allowing for a local DoS (CVE-2017-14106), use-after-free in ALSA allowing for a local root compromise by a host user in group "audio" if the vulnerable kernel module is loaded (CVE-2017-15265). Also fixed is an inconsistency in modify_ldt(2)'s memory (de)allocation, which got introduced along with KPTI in our update to -431 and is known as Red Hat's "bug 1584622" and might have had local security impact. References: https://access.redhat.com/errata/RHSA-2018:3822 https://access.redhat.com/errata/RHSA-2018:2172 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11176 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14106 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265 https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html I'll likely get this into 3.1-stable soon as well. On a related note, Sergio contributed an update of e2fsprogs into Owl-current earlier this year. While I don't see much need for this one update on its own (without us revitalizing Owl), I also saw no reason to reject it, so we have: 2020/02/04 Package: e2fsprogs SECURITY FIX Severity: none to high, indirect, passive Updated to 1.45.5. Since the version of e2fsprogs that we had packaged previously, multiple vulnerabilities with attack vectors via malicious filesystem images have been found and fixed in e2fsprogs components. Those vulnerabilities don't pose a risk to typical systems that do not use untrusted filesystem images, but are high impact on those that do. References: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247 Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.