author | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 20:36:01 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 20:36:01 +0100 |
commit | 507fd36689b5200e5d01ff5e1cda5f038ece3531 | |
tree | 90d0b4e53165978e3bcffafaffeb4b5f9a4b27bf | |
parent | 260da640e862361cc6c78d244ca1676c2ffc5138 | |
dsa-texts: Fill in more issue descriptions
-rw-r--r-- | dsa-texts/3.16.84-1 | 25 |
-rw-r--r-- | dsa-texts/4.19.118-2+deb10u1 | 14 |
-rw-r--r-- | dsa-texts/4.9.210-1+deb9u1 | 14 |
3 files changed, 48 insertions, 5 deletions
diff --git a/dsa-texts/3.16.84-1 b/dsa-texts/3.16.84-1 index b6546180..b0a8124b 100644 --- a/dsa-texts/3.16.84-1 +++ b/dsa-texts/3.16.84-1 @@ -69,15 +69,34 @@ CVE-2019-20636 CVE-2020-0009 - Description + Jann Horn reported that the Android ashmem driver did not prevent + read-only files from being memory-mapped and then remapped as + read-write. However, Android drivers are not enabled in Debian + kernel configurations. CVE-2020-0543 - Description + Researchers at VU Amsterdam discovered that on some Intel x86 + systems supporting the RDRAND and RDSEED instructions, speculative + execution may use part of a random value that was previously + generated for use on another core. Depending on how these + instructions are used by applications, a local user or VM guest + could use this to obtain sensitive information including + cryptographic keys from other users or VMs. + + This vulnerability can be mitigated by a microcode update, either + as part of system firmware (BIOS) or through the intel-microcode + package in Debian's non-free archive section. This kernel update + only provides reporting of the vulnerability and the option to + disable the mitigation if it is not needed. CVE-2020-1749 - Description + Xiumei Mu reported that some network protocols that can run on top + of IPv6 would bypass the Transformation (XFRM) layer used by + IPsec, IPcomp/IPcomp6, IPIP, and IPv6 Mobility. This could result + in disclosure of information over the network, since it would not + be encrypted or routed according to the system policy. CVE-2020-2732 diff --git a/dsa-texts/4.19.118-2+deb10u1 b/dsa-texts/4.19.118-2+deb10u1 index 50514e0b..cd5590ef 100644 --- a/dsa-texts/4.19.118-2+deb10u1 +++ b/dsa-texts/4.19.118-2+deb10u1 
@@ -29,7 +29,19 @@ CVE-2019-19462 CVE-2020-0543 - Description + Researchers at VU Amsterdam discovered that on some Intel x86 + systems supporting the RDRAND and RDSEED instructions, speculative + execution may use part of a random value that was previously + generated for use on another core. Depending on how these + instructions are used by applications, a local user or VM guest + could use this to obtain sensitive information including + cryptographic keys from other users or VMs. + + This vulnerability can be mitigated by a microcode update, either + as part of system firmware (BIOS) or through the intel-microcode + package in Debian's non-free archive section. This kernel update + only provides reporting of the vulnerability and the option to + disable the mitigation if it is not needed. CVE-2020-10711 diff --git a/dsa-texts/4.9.210-1+deb9u1 b/dsa-texts/4.9.210-1+deb9u1 index a6c90658..3bb1e48f 100644 --- a/dsa-texts/4.9.210-1+deb9u1 +++ b/dsa-texts/4.9.210-1+deb9u1 @@ -68,7 +68,19 @@ CVE-2019-20811 CVE-2020-0543 - Description + Researchers at VU Amsterdam discovered that on some Intel x86 + systems supporting the RDRAND and RDSEED instructions, speculative + execution may use part of a random value that was previously + generated for use on another core. Depending on how these + instructions are used by applications, a local user or VM guest + could use this to obtain sensitive information including + cryptographic keys from other users or VMs. + + This vulnerability can be mitigated by a microcode update, either + as part of system firmware (BIOS) or through the intel-microcode + package in Debian's non-free archive section. This kernel update + only provides reporting of the vulnerability and the option to + disable the mitigation if it is not needed. CVE-2020-2732 |
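Review bot: in the dsa-texts/3.16.84-1 hunk, the CVE-2020-1749 paragraph says "some network protocols that can run on top of IPv6" without naming any of them, so an administrator cannot tell from the advisory whether their tunnels are affected; name the protocols or give at least one example. In the same hunk, the CVE-2020-0009 entry describes the flaw (read-only mappings remapped as read-write) but not the resulting security impact before noting that Android drivers are not enabled; one clause on impact would bring it in line with the CVE-2020-0543 and CVE-2020-1749 entries.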
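Review bot: in the dsa-texts/4.19.118-2+deb10u1 hunk, the second CVE-2020-0543 paragraph refers to "reporting of the vulnerability and the option to disable the mitigation" without naming the option or saying where the status is reported. Suggest naming the kernel parameter and the reporting location, so that a reader can check the mitigation state and act on "if it is not needed" from the advisory text alone.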
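Review bot: in the dsa-texts/4.9.210-1+deb9u1 hunk, the CVE-2020-0543 text is a third verbatim copy of the two paragraphs added to the other two files in this commit, so any later correction has to be applied in three places; worth checking the copies stay in sync before the advisories go out. The paragraph also points to the intel-microcode package without a version, and stating the version that carries the fix would tell users when the mitigation is actually in place, given that "This kernel update only provides reporting".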