Re: [Tails-dev] Upgrading the Linux kernel for 1.0?

Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Upgrading the Linux kernel for 1.0?
anonym wrote (02 Apr 2014 14:50:51 GMT) :
> Looking at the Debian changelog for the Linux kernel it seems only these
> changes have CVEs:


Thanks!

I've had a look (details below) and my conclusion is that... I'm
unsure if it's worth taking the risk of introducing regressions in
1.0. Other opinions?

> * nfqueue: Orphan frags in nfqnl_zcopy() and handle errors
> (CVE-2014-2568)


Info leak triggered from the LAN.

> * cifs: ensure that uncached writes handle unmapped areas correctly
> (CVE-2014-0069)


I don't care much about cifs in Tails.

> * kvm: x86: fix emulator buffer overflow (CVE-2014-0049)


Only affects KVM hosts, so n/a.

> * net: fix for a race condition in the inet frag code (CVE-2014-0100)


use-after-free => DoS and "possibly [...] unspecified other impact"
Over ICMP, so generally exploitable only on the LAN.
Requires high CPU load on the attacked system.
This one seems worth fixing.

> * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
> (CVE-2014-0101)


I don't care much about sctp in Tails.

> * KEYS: Make the keyring cycle detector ignore other keyrings of the
> same name (CVE-2014-0102)


Local users can trigger oops. No big deal.

> * skbuff: skb_segment: orphan frags before copying (CVE-2014-0131)


Info leak triggered from the LAN.

> * ipv6: don't set DST_NOCOUNT for remotely added routes (CVE-2014-2309)


n/a, we block external IPv6.

> Another good resource is
> <http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/Linux-Linux-Kernel.html>
> where we can see CVEs not fixed in any Debian kernel yet as well.


FWIW, I was not able to use this web site to give me any
Debian-specific information. The Debian security tracker feels more
useful to me:
https://security-tracker.debian.org/tracker/source-package/linux

Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc