Public bug reported: [Impact]
There are a number of recent squashfs hardening fixes in the upstream kernel. They don't have CVE number assigned but it would be good to backport the fixes to harden our kernel against malicious squashfs images. They would harden Ubuntu kernels against potentially malicious snaps. The changes are: * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01cfb7937a9af2abb1136c7e89fbf3fd92952956 * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/id=d512584780d3e6a7cacb2f482834849453d444a1 * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdbb65c4c7ead680ebe54f4f0d486e2847a500ea * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71755ee5350b63fb1f283de8561cdb61b47f4d1d * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3f94cb99a854fa381fe7fadd97c4f61633717a5 [Test Case] Unfortunately, we don't have access to the reproducers and I'm unaware of any regression tests for the squashfs kernel driver. It is very important that we don't regress snap usage in Ubuntu. In previous squashfs/snap testing, we've noticed that large snaps, such as chromium and libreoffice, do a good job of exercising the squashfs code. It should be sufficient if we make sure those snaps continue to install and work correctly. $ sudo snap install chromium $ sudo snap install libreoffice $ chromium < ensure you can browse to various websites > $ libreoffice < ensure you can create, save, open documents > [ Regression Potential ] Fairly low. The patches are intended to catch corrupted and/or malicious squashfs images. They should not affect well formed squashfs images. These patches are already present in the Cosmic (and Disco) kernel with no known bug reports despite a considerable number of Cosmic users exercising these changes via snaps. ** Affects: linux (Ubuntu) Importance: Medium Assignee: Paolo Pisati (p-pisati) Status: Fix Released ** Affects: linux (Ubuntu Xenial) Importance: Medium Assignee: Paolo Pisati (p-pisati) Status: In Progress ** Affects: linux (Ubuntu Bionic) Importance: Medium Assignee: Paolo Pisati (p-pisati) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1816756 Title: squashfs hardening To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1816756/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
