Bug 933896 (CVE-2014-9731) - VUL-1: CVE-2014-9731: kernel: fs: udf: information leakage when reading symlink
Summary: VUL-1: CVE-2014-9731: kernel: fs: udf: information leakage when reading symlink
Status: RESOLVED FIXED
Alias: CVE-2014-9731
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Deadline: 2015-07-21
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/117312/
Whiteboard: maint:released:sle10-sp3:62209
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-08 08:22 UTC by Marcus Meissner
Modified: 2016-02-08 15:02 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-06-08 08:22:14 UTC 
via oss-sec

    Linux kernel built with the UDF file system(CONFIG_UDF_FS) support is
    vulnerable to an information leakage issue. It could occur while reading
    symlink information from corrupted/malicious udf file system image.

    An unprivileged user could use this flaw to leak kernel memory bytes.

    Upstream fix:
    -------------
       -> https://git.kernel.org/linus/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14


This seems to be about constructing a new string without checking
whether there is space for the characters as well as the '\0' at the
end. Use CVE-2014-9731.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1228220
http://seclists.org/oss-sec/2015/q2/626
Comment 1 Swamp Workflow Management 2015-06-08 22:00:27 UTC 
bugbot adjusting priority
Comment 2 Jan Kara 2015-06-16 10:40:12 UTC 
SLE12 has got the fix from stable kernel (3.12.38) - added the CVE reference.
openSUSE-13.2 and 13.1, SLE11-SP3, SLE11-SP4, SLE11-SP1-LTSS, SLES10_SP4_LTSS already have the fix directly - added reference.

All is done from my side so reassigning to security team for further handling.
Comment 3 Michal Hocko 2015-06-16 12:00:48 UTC 
(In reply to Jan Kara from comment #2)
> SLE12 has got the fix from stable kernel (3.12.38) - added the CVE reference.
> openSUSE-13.2 and 13.1, SLE11-SP3, SLE11-SP4, SLE11-SP1-LTSS,
> SLES10_SP4_LTSS already have the fix directly - added reference.

Same done in SLE11-SP3-TD and added patch to SLE11-SP1-TD because I didn't have it there previously.
Comment 4 Swamp Workflow Management 2015-07-10 14:10:23 UTC 
SUSE-SU-2015:1224-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 915517,919007,922583,923908,927355,929525,929647,930786,933429,933896,933904,933907,935705,936831
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11-SP3-TERADATA (src):    kernel-source-3.0.101-57.TDC.2, kernel-syms-3.0.101-57.TDC.2
Comment 6 Swamp Workflow Management 2015-07-14 09:04:58 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-07-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62208
Comment 7 Swamp Workflow Management 2015-07-31 08:21:28 UTC 
SUSE-SU-2015:1324-1: An update that solves 11 vulnerabilities and has 63 fixes is now available.

Category: security (important)
Bug References: 854817,854824,858727,866911,867362,895814,903279,907092,908491,915183,917630,918618,921430,924071,924526,926369,926953,927455,927697,927786,928131,929475,929696,929879,929974,930092,930399,930579,930599,930972,931124,931403,931538,931620,931860,931988,932348,932793,932897,932898,932899,932900,932967,933117,933429,933637,933896,933904,933907,934160,935083,935085,935088,935174,935542,935881,935918,936012,936423,936445,936446,936502,936556,936831,936875,937032,937087,937609,937612,937613,937616,938022,938023,938024
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1805,CVE-2015-3212,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-5364,CVE-2015-5366
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.44-52.10.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.44-52.10.3, kernel-obs-build-3.12.44-52.10.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.44-52.10.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_6-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1
Comment 8 Swamp Workflow Management 2015-09-22 08:19:16 UTC 
SUSE-SU-2015:1592-1: An update that solves 14 vulnerabilities and has 45 fixes is now available.

Category: security (important)
Bug References: 851068,867362,873385,883380,886785,894936,915517,917830,919463,920110,920250,920733,921430,923245,924701,925705,925881,925903,926240,926953,927355,927786,929142,929143,930092,930761,930934,931538,932348,932458,933429,933896,933904,933907,933936,934742,934944,935053,935572,935705,935866,935906,936077,936423,936637,936831,936875,936925,937032,937402,937444,937503,937641,937855,939910,939994,940338,940398,942350
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1, kernel-source-rt-3.0.101.rt130-0.33.40.1, kernel-syms-rt-3.0.101.rt130-0.33.40.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1
Comment 9 Swamp Workflow Management 2015-10-05 15:20:41 UTC 
SUSE-SU-2015:1678-1: An update that solves 15 vulnerabilities and has 67 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917830,917968,919463,920016,920110,920250,920733,921430,923002,923245,923431,924701,925705,925881,925903,926240,926953,927355,928988,929076,929142,929143,930092,930934,931620,932350,932458,932882,933429,933721,933896,933904,933907,933936,934944,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-65.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
Comment 10 Marcus Meissner 2016-01-22 08:12:24 UTC 
released
Comment 11 Swamp Workflow Management 2016-02-01 15:19:14 UTC 
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1