2017-05-31

Differences between revisions 5 and 11 (spanning 6 versions)
Revision 5 as of 2017-05-31 14:24:13
Size: 2370
Editor: jsalisbury
Comment:
Revision 11 as of 2017-06-02 14:44:04
Size: 5280
Editor: jsalisbury
Comment:
Deletions are marked like this. Additions are marked like this.
Line 20: Line 20:
 * bcc snap version 0.3.0-20170530-1905-aa4543f has been released.
Line 24: Line 25:
 * The following kernels were promoted to -proposed for testing:

  * Zesty 4.10.0-22.24
  * Xenial 4.4.0-79.100
  * Yakkety 4.8.0-54.57

  * linux-lts-trusty 3.13.0-119.166~precise1
  * linux-lts-xenial 4.4.0-79.100~14.04.1
  * linux-hwe 4.8.0-54.57~16.04.1
  * linux-hwe-edge 4.10.0-22.24~16.04.1
  * linux-raspi2 4.10.0-1006.8
  * linux-raspi2 4.8.0-1038.41
  * linux-raspi2 4.4.0-1055.62
  * linux-snapdragon 4.4.0-1058.62

 * The following CVEs are in the Livepatch pipeline:

  * CVE-2016-8405 - An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process.

  * CVE-2016-8632 - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

  * CVE-2016-9604 - Keyrings whose name begin with a '.' are special internal keyrings and so userspace isn't allowed to create keyrings by this name to prevent shadowing. However, the patch that added the guard didn't fix KEYCTL_JOIN_SESSION_KEYRING. Not only can that create dot-named keyrings, it can also subscribe to them as a session keyring if they grant SEARCH permission to the user.

              *This, for example, allows a root process to set .builtin_trusted_keys as its session keyring, at which point it has full access because now the possessor permissions are added. This permits root to add extra public keys, thereby bypassing module verification.

  * CVE-2017-2584 - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.

  * CVE-2017-6353 - net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.

  * CVE-2017-7472 - The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
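
Review bot: The Livepatch list added here does not say which Ubuntu series or kernel versions each fix targets, so a reader cannot tell from the entry whether a given system is covered; consider naming the affected series next to each CVE. The CVE-2016-8405 entry also lists several subsystems generically (ION, Binder, USB driver, networking) without identifying the affected file or function, unlike entries such as CVE-2016-8632 (net/tipc/msg.c). In the CVE-2016-9604 entry, the follow-on paragraph begins with `*This`, with no space after the asterisk and deeper indentation than the other bullets; check that it renders as the intended sub-item.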

Line 27: Line 60:
We're working on getting 4.11 in the archive. It is available in the c-k-t ppa for testing.
Line 34: Line 67:
Current cycle: 21-Apr through 13-May
====================================================================
         21-Apr Last day for kernel commits for this cycle
24-Apr - 29-Apr Kernel prep week.
30-Apr - 12-May Bug verification & Regression testing..
         15-May Release to -updates.

Kernel Versions
====================================================================
         precise 3.2.0-126.169
          trusty 3.13.0-117.164
           vivid 3.19.0-84.92
          xenial 4.4.0-75.96
         yakkety 4.8.0-49.52

linux-lts-trusty 3.13.0-117.164~precise1
 linux-lts-vivid 3.19.0-84.92~14.04.1
linux-lts-xenial 4.4.0-75.96~14.04.1


Next cycle: 12-May through 03-Jun
Current cycle: 12-May through 03-Jun
Line 60: Line 73:

Kernel Versions
====================================================================
         precise 3.2.0-126.169
          trusty 3.13.0-119.166
           vivid 3.19.0-84.92
          xenial 4.4.0-78.99
         yakkety 4.8.0-53.56

linux-lts-trusty 3.13.0-117.164~precise1
 linux-lts-vivid 3.19.0-80.88~14.04.1
linux-lts-xenial 4.4.0-78.99~14.04.1


Next cycle: 02-Jun through 24-Jun
====================================================================
         02-Jun Last day for kernel commits for this cycle
05-Jun - 10-Jun Kernel prep week.
11-Jun - 23-Jun Bug verification & Regression testing..
         26-Jun Release to -updates.
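
Review bot: In the Kernel Versions table, linux-lts-vivid is listed as 3.19.0-80.88~14.04.1 while vivid itself is 3.19.0-84.92, and the earlier table on this page already showed linux-lts-vivid at 3.19.0-84.92~14.04.1, so the backport row appears to have gone backwards. Likewise linux-lts-trusty stays at 3.13.0-117.164~precise1 although trusty moved to 3.13.0-119.166. Please confirm both rows against the archive; the doubled period in "Regression testing.." could be fixed at the same time.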

Tues May 31, 2017

Introduction

This newsletter provides a status update from the Ubuntu Kernel Team, along with highlights of any interesting subjects the team may be working on.

If you would like to reach the kernel team, you can find us in the #ubuntu-kernel channel on FreeNode. Alternatively, you can mail the Ubuntu Kernel Team mailing list at kernel-team@lists.ubuntu.com.


Highlights

  • Prepared 4.10.17 and 4.4.69 upstream stable for zesty/xenial
  • Latest FWTS release:
  • Blog about fwts frontend - The easy to use text based fwts user interface
  • bcc snap version 0.3.0-20170530-1905-aa4543f has been released.
  • Finished 4.11 configuration review
  • Update artful/4.11 to 4.11.3
  • Update unstable/4.12 to 4.12-rc3
  • The following kernels were promoted to -proposed for testing:
    • Zesty 4.10.0-22.24
    • Xenial 4.4.0-79.100
    • Yakkety 4.8.0-54.57
    • linux-lts-trusty 3.13.0-119.166~precise1
    • linux-lts-xenial 4.4.0-79.100~14.04.1
    • linux-hwe 4.8.0-54.57~16.04.1
    • linux-hwe-edge 4.10.0-22.24~16.04.1
    • linux-raspi2 4.10.0-1006.8
    • linux-raspi2 4.8.0-1038.41
    • linux-raspi2 4.4.0-1055.62
    • linux-snapdragon 4.4.0-1058.62
  • The following CVEs are in the Livepatch pipeline:
    • CVE-2016-8405 - An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process.
    • CVE-2016-8632 - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
    • CVE-2016-9604 - Keyrings whose names begin with a '.' are special internal keyrings, and so userspace isn't allowed to create keyrings by this name, to prevent shadowing. However, the patch that added the guard didn't fix KEYCTL_JOIN_SESSION_KEYRING. Not only can that create dot-named keyrings, it can also subscribe to them as a session keyring if they grant SEARCH permission to the user.
      • This, for example, allows a root process to set .builtin_trusted_keys as its session keyring, at which point it has full access because now the possessor permissions are added. This permits root to add extra public keys, thereby bypassing module verification.
    • CVE-2017-2584 - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
    • CVE-2017-6353 - net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
    • CVE-2017-7472 - The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.


Devel Kernel Announcements

We're working on getting 4.11 in the archive. It is available in the c-k-t ppa for testing.


Stable Kernel Announcements

Current cycle: 12-May through 03-Jun
====================================================================
         12-May   Last day for kernel commits for this cycle
15-May - 20-May   Kernel prep week.
21-May - 02-Jun   Bug verification & Regression testing.
         05-Jun   Release to -updates.

Kernel Versions
====================================================================
         precise  3.2.0-126.169
          trusty  3.13.0-119.166
           vivid  3.19.0-84.92
          xenial  4.4.0-78.99
         yakkety  4.8.0-53.56

linux-lts-trusty  3.13.0-117.164~precise1
 linux-lts-vivid  3.19.0-80.88~14.04.1
linux-lts-xenial  4.4.0-78.99~14.04.1


Next cycle: 02-Jun through 24-Jun
====================================================================
         02-Jun   Last day for kernel commits for this cycle
05-Jun - 10-Jun   Kernel prep week.
11-Jun - 23-Jun   Bug verification & Regression testing.
         26-Jun   Release to -updates.


Status: CVE's


KernelTeam/Newsletter/2017-05-31 (last edited 2017-06-02 14:44:04 by jsalisbury)