933904 – (CVE-2014-9728) VUL-0: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730: kernel: fs: udf: heap overflow in __udf_adinicb_readpage

Bug 933904 (CVE-2014-9728) - VUL-0: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730: kernel: fs: udf: heap overflow in __udf_adinicb_readpage

Summary: VUL-0: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730: kernel: fs: udf: heap overf...

Status:	RESOLVED FIXED

Alias:	CVE-2014-9728

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2015-07-21
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/117313/
Whiteboard:	maint:released:sle10-sp3:62209
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-06-08 09:09 UTC by Marcus Meissner
Modified:	2016-02-08 14:54 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-06-08 09:09:52 UTC

via oss-sec

http://seclists.org/oss-sec/2015/q2/625

Note three CVEs / fixes in one bug:

> Linux kernel built with the UDF file system(CONFIG_UDF_FS) support is
> vulnerable to a crash. It could occur while reading from a corrupted/malicious
> udf file system image.

> An unprivileged user could use this flaw to crash the kernel resulting in DoS.

> Upstream fixes:
    ---------------
       -> https://git.kernel.org/linus/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
       -> https://git.kernel.org/linus/e237ec37ec154564f8690c5bd1795339955eeef9
       -> https://git.kernel.org/linus/a1d47b262952a45aae62bd49cfaf33dd76c11a2c


We feel that this is best covered by three CVE IDs, although not with
a one-to-one mapping. The "length can be too long" problems addressed
in all three commits are assigned CVE-2014-9728.
e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 is also about a separate
data-structure consistency issue (the "iinfo->i_lenAlloc !=
inode->i_size" issue): this is assigned CVE-2014-9729. Finally,
e237ec37ec154564f8690c5bd1795339955eeef9 is also about a separate
state-identification issue ("properly ignore component length for
component types that do not use it"): this is assigned CVE-2014-9730.

- -- 
CVE assignment team, MITRE CVE Numbering Authority

Comment 1 Swamp Workflow Management 2015-06-08 22:00:49 UTC

bugbot adjusting priority

Comment 2 Jan Kara 2015-06-16 15:27:16 UTC

SLE12 has the fixes from stable, SLE11-SP3, SLE11-SP1-LTSS, SLES10-SP4-LTSS, openSUSE-13.1, openSUSE-13.2 have the patches directly. Just updated references.

All done from my side. Reassigning to security team for further handling.

Comment 3 Michal Hocko 2015-06-16 15:48:29 UTC

updated references in SLE11-SP3-TD as well and added to SLE11-SP1-TD as this branch didn't have those patches at all.

Comment 4 Swamp Workflow Management 2015-07-10 14:10:34 UTC

SUSE-SU-2015:1224-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 915517,919007,922583,923908,927355,929525,929647,930786,933429,933896,933904,933907,935705,936831
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11-SP3-TERADATA (src):    kernel-source-3.0.101-57.TDC.2, kernel-syms-3.0.101-57.TDC.2

Comment 6 Swamp Workflow Management 2015-07-14 09:04:47 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-07-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62208

Comment 9 Swamp Workflow Management 2015-07-31 08:21:40 UTC

SUSE-SU-2015:1324-1: An update that solves 11 vulnerabilities and has 63 fixes is now available.

Category: security (important)
Bug References: 854817,854824,858727,866911,867362,895814,903279,907092,908491,915183,917630,918618,921430,924071,924526,926369,926953,927455,927697,927786,928131,929475,929696,929879,929974,930092,930399,930579,930599,930972,931124,931403,931538,931620,931860,931988,932348,932793,932897,932898,932899,932900,932967,933117,933429,933637,933896,933904,933907,934160,935083,935085,935088,935174,935542,935881,935918,936012,936423,936445,936446,936502,936556,936831,936875,937032,937087,937609,937612,937613,937616,938022,938023,938024
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1805,CVE-2015-3212,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-5364,CVE-2015-5366
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.44-52.10.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.44-52.10.3, kernel-obs-build-3.12.44-52.10.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.44-52.10.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_6-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1

Comment 10 Swamp Workflow Management 2015-09-22 08:19:28 UTC

SUSE-SU-2015:1592-1: An update that solves 14 vulnerabilities and has 45 fixes is now available.

Category: security (important)
Bug References: 851068,867362,873385,883380,886785,894936,915517,917830,919463,920110,920250,920733,921430,923245,924701,925705,925881,925903,926240,926953,927355,927786,929142,929143,930092,930761,930934,931538,932348,932458,933429,933896,933904,933907,933936,934742,934944,935053,935572,935705,935866,935906,936077,936423,936637,936831,936875,936925,937032,937402,937444,937503,937641,937855,939910,939994,940338,940398,942350
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1, kernel-source-rt-3.0.101.rt130-0.33.40.1, kernel-syms-rt-3.0.101.rt130-0.33.40.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1

Comment 11 Swamp Workflow Management 2015-10-05 15:20:53 UTC

SUSE-SU-2015:1678-1: An update that solves 15 vulnerabilities and has 67 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917830,917968,919463,920016,920110,920250,920733,921430,923002,923245,923431,924701,925705,925881,925903,926240,926953,927355,928988,929076,929142,929143,930092,930934,931620,932350,932458,932882,933429,933721,933896,933904,933907,933936,934944,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-65.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1

Comment 12 Marcus Meissner 2016-01-22 08:12:16 UTC

released

Comment 13 Swamp Workflow Management 2016-02-01 15:19:25 UTC

openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1