author | Ben Hutchings <benh@debian.org> | 2017-12-22 22:40:44 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2017-12-22 22:40:44 +0000 |
commit | e09f65df9f6064cf27d5a589af08aa5da734845b (patch) | |
tree | 0b197349b963a9075ec223d2d652c4301b2bdfbc | |
parent | 15268f132b28791fbc5086a355fd8f47f915d10f (diff) |
Paste issue descriptions from DLA-1200-1
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5817 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | dsa-texts/4.9.65-3+deb9u1 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/dsa-texts/4.9.65-3+deb9u1 b/dsa-texts/4.9.65-3+deb9u1 index d2c194af..8bd3be70 100644 --- a/dsa-texts/4.9.65-3+deb9u1 +++ b/dsa-texts/4.9.65-3+deb9u1 @@ -10,6 +10,15 @@ leaks. CVE-2017-8824 + Mohamed Ghannam discovered that the DCCP implementation did not + correctly manage resources when a socket is disconnected and + reconnected, potentially leading to a use-after-free. A local + user could use this for denial of service (crash or data + corruption) or possibly for privilege escalation. On systems that + do not already have the dccp module loaded, this can be mitigated + by disabling it: + echo >> /etc/modprobe.d/disable-dccp.conf install dccp false + CVE-2017-16538 CVE-2017-16644 @@ -36,6 +45,11 @@ CVE-2017-17807 CVE-2017-1000407 + Andrew Honig reported that the KVM implementation for Intel + processors allowed direct access to host I/O port 0x80, which + is not generally safe. On some systems this allows a guest + VM to cause a denial of service (crash) of the host. + CVE-2017-1000410 For the stable distribution (stretch), these problems have been fixed |
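Review bot: in the first hunk (CVE-2017-8824), the mitigation command places the redirection before the arguments, `echo >> /etc/modprobe.d/disable-dccp.conf install dccp false`, which is valid shell but easy to misread as appending an empty line and easy to break when copied across a wrapped line. Consider the conventional order, `echo 'install dccp false' >> /etc/modprobe.d/disable-dccp.conf`. The paragraph also restricts the mitigation to systems that do not already have the dccp module loaded without telling readers on the other systems what to do; a short clause covering that case would close the gap. Minor wording: "did not correctly manage resources when a socket is disconnected and reconnected" mixes past and present tense.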
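Review bot: in the second hunk (CVE-2017-1000407), "which is not generally safe" and "On some systems" do not let an administrator judge whether their host is affected. If the report identifies the condition under which guest access to port 0x80 crashes the host, state it; otherwise say plainly that the affected hardware is not identified. Unlike the CVE-2017-8824 entry, this one gives no mitigation, so it is worth stating whether anything short of installing the fixed kernel helps.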