Security fixes for 4.4.x

Security fixes for 4.4.x

[Moritz Muehlenhoff]

Hi,
I checked for missing security fixes as of 4.4.12. Can you please
merge the following? (didn't check other stable kernels):

CVE-2015-7833: [media] usbvision fix overflow of interfaces array
588afcc1c0e45358159090d95bf7b246fb67565f
(second part of that was already merged in 4.4.8)

CVE-2016-2847: pipe: limit the per-user amount of pages allocated in pipes
759c01142a5d0f364a462346168a56de28a80f52
(the patch mentions CVE-2013-4312, but a different CVE ID was assigned later)

CVE-2016-0758: KEYS: Fix ASN.1 indefinite length object parsing
23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa

CVE-2016-4578: ALSA: timer: Fix leak in events via snd_timer_user_ccallback
               ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6, e4ec8cc8039a7063e24204299b462bd1383184a5

CVE-2016-4569: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
cec8f96e49d9be372fdb0c3836dcf31ec71e457e

Cheers,
Moritz

Re: Security fixes for 4.4.x

[Greg KH]

On Thu, Jun 02, 2016 at 10:49:09AM +0200, Moritz Muehlenhoff wrote:
> Hi,
> I checked for missing security fixes as of 4.4.12. Can you please
> merge the following? (didn't check other stable kernels):
> 
> CVE-2015-7833: [media] usbvision fix overflow of interfaces array
> 588afcc1c0e45358159090d95bf7b246fb67565f
> (second part of that was already merged in 4.4.8)

Are you sure about this one?  I thought there was discussions about if
this was correct or not...

> CVE-2016-2847: pipe: limit the per-user amount of pages allocated in pipes
> 759c01142a5d0f364a462346168a56de28a80f52
> (the patch mentions CVE-2013-4312, but a different CVE ID was assigned later)

Have you tested this?

> CVE-2016-0758: KEYS: Fix ASN.1 indefinite length object parsing
> 23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa

Is this a real issue?  If so, can you cc: the patch authors and ask them
if they want this in a stable kernel?

Same goes for all of these patches that are not originally tagged with a
stable mark, I need the acks from the maintainers.

> 
> CVE-2016-4578: ALSA: timer: Fix leak in events via snd_timer_user_ccallback
>                ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
> 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6, e4ec8cc8039a7063e24204299b462bd1383184a5
> 
> CVE-2016-4569: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
> cec8f96e49d9be372fdb0c3836dcf31ec71e457e

There might have been a reason these were not tagged with stable marks,
have you tested to see if they are relevant?

thanks,

greg k-h

Re: Security fixes for 4.4.x

[Moritz Muehlenhoff]

Hi,

On Thu, Jun 02, 2016 at 09:27:16AM -0700, Greg KH wrote:
> On Thu, Jun 02, 2016 at 10:49:09AM +0200, Moritz Muehlenhoff wrote:
> > Hi,
> > I checked for missing security fixes as of 4.4.12. Can you please
> > merge the following? (didn't check other stable kernels):
> > 
> > CVE-2015-7833: [media] usbvision fix overflow of interfaces array
> > 588afcc1c0e45358159090d95bf7b246fb67565f
> > (second part of that was already merged in 4.4.8)
> 
> Are you sure about this one?  I thought there was discussions about if
> this was correct or not...
> 
> > CVE-2016-2847: pipe: limit the per-user amount of pages allocated in pipes
> > 759c01142a5d0f364a462346168a56de28a80f52
> > (the patch mentions CVE-2013-4312, but a different CVE ID was assigned later)
> 
> Have you tested this?

588afcc1c0e45358159090d95bf7b246fb67565f has been cherrypicked into the
Debian sid kernel since December and 759c01142a5d0f364a462346168a56de28a80f52
since February without problems.

> > CVE-2016-0758: KEYS: Fix ASN.1 indefinite length object parsing
> > 23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
> 
> Is this a real issue?  If so, can you cc: the patch authors and ask them
> if they want this in a stable kernel?

Sure, will followup for the other patches in separate mail.

Cheers,
        Moritz

Re: Security fixes for 4.4.x

[Greg KH]

On Fri, Jun 03, 2016 at 04:09:34PM +0200, Moritz Muehlenhoff wrote:
> Hi,
> 
> On Thu, Jun 02, 2016 at 09:27:16AM -0700, Greg KH wrote:
> > On Thu, Jun 02, 2016 at 10:49:09AM +0200, Moritz Muehlenhoff wrote:
> > > Hi,
> > > I checked for missing security fixes as of 4.4.12. Can you please
> > > merge the following? (didn't check other stable kernels):
> > > 
> > > CVE-2015-7833: [media] usbvision fix overflow of interfaces array
> > > 588afcc1c0e45358159090d95bf7b246fb67565f
> > > (second part of that was already merged in 4.4.8)
> > 
> > Are you sure about this one?  I thought there was discussions about if
> > this was correct or not...
> > 
> > > CVE-2016-2847: pipe: limit the per-user amount of pages allocated in pipes
> > > 759c01142a5d0f364a462346168a56de28a80f52
> > > (the patch mentions CVE-2013-4312, but a different CVE ID was assigned later)
> > 
> > Have you tested this?
> 
> 588afcc1c0e45358159090d95bf7b246fb67565f has been cherrypicked into the
> Debian sid kernel since December and 759c01142a5d0f364a462346168a56de28a80f52
> since February without problems.

Ok, thanks for letting me know, I've queued these up now.

> > > CVE-2016-0758: KEYS: Fix ASN.1 indefinite length object parsing
> > > 23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
> > 
> > Is this a real issue?  If so, can you cc: the patch authors and ask them
> > if they want this in a stable kernel?
> 
> Sure, will followup for the other patches in separate mail.

Wonderful, thanks for doing this.

greg k-h