author: Ben Hutchings <ben@decadent.org.uk> 2018-09-14 04:37:36 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2018-09-14 04:38:26 +0100
commit: f122de2fd898220a0f690dccc26a7f11e505b569
tree: e79669afde6601d3ae974bc53c7cf2af0c5404b0
parent: 493256c30750353aba58e10c5af3148c6cdd3641
Add status and notes for various issues
-rw-r--r-- active/CVE-2016-10723 11
-rw-r--r-- active/CVE-2017-0630 4
-rw-r--r-- active/CVE-2018-1128 15
-rw-r--r-- active/CVE-2018-1129 10
-rw-r--r-- active/CVE-2018-12896 8
-rw-r--r-- active/CVE-2018-3693 21
-rw-r--r-- active/CVE-2018-5953 12
-rw-r--r-- active/CVE-2018-5995 12
-rw-r--r-- active/CVE-2018-7754 14
-rw-r--r-- active/CVE-2018-9516 6
-rw-r--r-- active/CVE-2018-9517 8
11 files changed, 71 insertions, 50 deletions
diff --git a/active/CVE-2016-10723 b/active/CVE-2016-10723
index d001ca3a..94a51cb4 100644
--- a/active/CVE-2016-10723
+++ b/active/CVE-2016-10723
@@ -5,16 +5,17 @@ References:
https://www.spinics.net/lists/linux-mm/msg117896.html
https://www.spinics.net/lists/linux-mm/msg117960.html
Notes:
- bwh> Since this issue dates back to 2016 I assume it affects at least
- bwh> 4.9 onward. We should test 3.16 with the reproducer in
- bwh> msg117960.html.
carnil> Commit 9bfe5ded054b ("mm, oom: remove sleep from under oom_lock")
carnil> is a mitigation for CVE-2016-10723.
carnil> https://lore.kernel.org/lkml/cb2d635c-c14d-c2cc-868a-d4c447364f0d@i-love.sakura.ne.jp/
+ bwh> On 3.16 the OOM killer usually kills the reproducer fairly quickly,
+ bwh> but not always. It still spams the kernel log and in some cases
+ bwh> it seemed to cause a filesystem error causing / to go read-only.
+ bwh> I assume 4.9 is also affected.
Bugs:
upstream: needed
4.9-upstream-stable: needed
-3.16-upstream-stable:
+3.16-upstream-stable: needed
sid: needed
4.9-stretch-security: needed
-3.16-jessie-security:
+3.16-jessie-security: needed
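Review bot: The new bwh> note reports a test result on 3.16 but drops the pointer to what was run: the removed lines named the reproducer in msg117960.html, and the replacement only says "the reproducer", with no kernel version. Keeping the reference and adding the tested 3.16.x version would let someone repeat the test after a fix lands. The closing line "I assume 4.9 is also affected" is still an assumption, the same one the removed note made, so it may be worth saying explicitly that 4.9 was not tested. The note could also say whether commit 9bfe5ded054b, which carnil describes as a mitigation, is considered insufficient, since upstream stays at "needed".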
diff --git a/active/CVE-2017-0630 b/active/CVE-2017-0630
index c5defccb..05283846 100644
--- a/active/CVE-2017-0630
+++ b/active/CVE-2017-0630
@@ -7,7 +7,7 @@ Notes:
Bugs:
upstream: needed
4.9-upstream-stable: needed
-3.16-upstream-stable:
+3.16-upstream-stable: needed
sid: needed
4.9-stretch-security: needed
-3.16-jessie-security:
+3.16-jessie-security: needed
diff --git a/active/CVE-2018-1128 b/active/CVE-2018-1128
index 1fd1c569..64dea293 100644
--- a/active/CVE-2018-1128
+++ b/active/CVE-2018-1128
@@ -2,10 +2,15 @@ Description: libceph: add authorizer challenge
References:
http://tracker.ceph.com/issues/24836
Notes:
+ bwh> If I understand this rightly, this is a vulnerability in the Ceph
+ bwh> server, not the in-kernel client. But the fix is an incompatible
+ bwh> protocol change, and that's why the client needs to be updated too.
+ bwh> I don't think this is practical for 3.16 as the protocol change
+ bwh> seems to depend on message signatures which were added in 3.19.
Bugs:
upstream: released (4.19-rc1) [6daca13d2e72bedaaacfc08f873114c9307d5aea]
-4.9-upstream-stable:
-3.16-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: ignored "Protocol change is too difficult"
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: ignored "Protocol change is too difficult"
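Review bot: The two 3.16 lines are set to ignored with the reason "Protocol change is too difficult", but the concrete blocker is only in the note: the fix "seems to depend on message signatures which were added in 3.19". Putting that dependency into the reason string would make the status line self-explanatory. The note is also hedged ("If I understand this rightly", "seems to") while the status is final; if the server-side-only reading has not been confirmed, saying so in the note would help whoever revisits the ignored entries. Since the note says the client must follow an incompatible protocol change, it would also be worth recording what happens to a 3.16 client that is left unpatched when servers are updated.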
diff --git a/active/CVE-2018-1129 b/active/CVE-2018-1129
index 7cfa3f7e..e22ab87c 100644
--- a/active/CVE-2018-1129
+++ b/active/CVE-2018-1129
@@ -4,8 +4,8 @@ References:
Notes:
Bugs:
upstream: released (4.19-rc1) [cc255c76c70f7a87d97939621eae04b600d9f4a1]
-4.9-upstream-stable:
-3.16-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: N/A "Message signatures not implemented"
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: N/A "Message signatures not implemented"
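Review bot: The 3.16 lines become N/A "Message signatures not implemented", but the Notes: section of this file stays empty, and the supporting fact (message signatures were added in 3.19) is recorded only in active/CVE-2018-1128. A one-line bwh> note here stating the same thing would let this file stand on its own. It would also help to say why the same missing feature leads to N/A here and to ignored in CVE-2018-1128, since the two status lines otherwise look inconsistent.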
diff --git a/active/CVE-2018-12896 b/active/CVE-2018-12896
index 5ed1dea5..88a01a1f 100644
--- a/active/CVE-2018-12896
+++ b/active/CVE-2018-12896
@@ -6,8 +6,8 @@ References:
Notes:
Bugs:
upstream: released (4.19-rc1) [78c9c4dfbf8c04883941445a195276bb4bb92c76]
-4.9-upstream-stable:
-3.16-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
sid: needed
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
diff --git a/active/CVE-2018-3693 b/active/CVE-2018-3693
index fc93e13b..6476ac62 100644
--- a/active/CVE-2018-3693
+++ b/active/CVE-2018-3693
@@ -1,4 +1,4 @@
-Description: speculative bounds check bypass store
+Description: speculative bounds check bypass store (Spectre v1.1)
References:
https://01.org/security/advisories/intel-oss-10002
https://access.redhat.com/solutions/3523601
@@ -6,11 +6,16 @@ References:
https://people.csail.mit.edu/vlk/spectre11.pdf
Notes:
carnil> 3b78ce4a34b761c7fe13520de822984019ff1a8f (4.17-rc7) merges
- canril> the speculative store buffer bypass fixes (for x86 side).
+ carnil> the speculative store buffer bypass fixes (for x86 side).
+ bwh> The above merge only addresses only SSB (CVE-2018-3639).
+ bwh> This issue (CVE-2018-3693) is closely related to Spectre v1
+ bwh> (CVE-2017-5753) and is being mitigated in a similar way, using
+ bwh> array_index_nospec(). The same as with Spectre v1, this will
+ bwh> be an ongoing process.
Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
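Review bot: The first added bwh> line has a duplicated word: "The above merge only addresses only SSB (CVE-2018-3639)." should drop one "only". On substance, the note says mitigation via array_index_nospec() "will be an ongoing process" and all six branches are set to "needed", but nothing states when an entry can move to released. Listing the array_index_nospec() commits that are counted against this CVE, or stating the criterion for closing it, would keep the entry from staying at "needed" indefinitely.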
diff --git a/active/CVE-2018-5953 b/active/CVE-2018-5953
index 11ba143a..8f2c943d 100644
--- a/active/CVE-2018-5953
+++ b/active/CVE-2018-5953
@@ -2,10 +2,14 @@ Description: information disclosure
References:
https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md
Notes:
+ bwh> The upstream fix was to obscure formatted pointer values by
+ bwh> default. This carries a high risk of regression so I don't
+ bwh> think it should be backported. A more targetted fix should
+ bwh> be possible.
Bugs:
upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57]
-4.9-upstream-stable:
-3.16-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
sid: released (4.15.4-1)
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-stretch-security: ignored "kernel log restricted to root by default"
+3.16-jessie-security: needed
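Review bot: The two Debian branches get different statuses without an explanation in the note: 4.9-stretch-security is ignored "kernel log restricted to root by default" while 3.16-jessie-security is "needed". If the difference is that jessie does not restrict the kernel log by default, the note should say so, because that is what the jessie status rests on. Minor: "targetted" in the added note should be "targeted".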
diff --git a/active/CVE-2018-5995 b/active/CVE-2018-5995
index a2ee6258..e5ee9669 100644
--- a/active/CVE-2018-5995
+++ b/active/CVE-2018-5995
@@ -2,10 +2,14 @@ Description: local information disclosure
References:
https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md
Notes:
+ bwh> The upstream fix was to obscure formatted pointer values by
+ bwh> default. This carries a high risk of regression so I don't
+ bwh> think it should be backported. A more targetted fix should
+ bwh> be possible.
Bugs:
upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57]
-4.9-upstream-stable:
-3.16-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
sid: released (4.15.4-1)
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-stretch-security: ignored "kernel log restricted to root by default"
+3.16-jessie-security: needed
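Review bot: The added note says the upstream fix should not be backported, yet 4.9-upstream-stable, 3.16-upstream-stable and 3.16-jessie-security are all set to "needed". As written, "needed" here means a different, targeted fix that does not exist yet; the note should name what that fix would change, so the entry is actionable. The text is also a verbatim copy of the note added to active/CVE-2018-5953, including the "targetted" spelling, and both entries point at the same upstream commit ad67b74d2469; a cross-reference between the two files would avoid the analysis diverging later.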
diff --git a/active/CVE-2018-7754 b/active/CVE-2018-7754
index 2f1416df..a6d4a4ca 100644
--- a/active/CVE-2018-7754
+++ b/active/CVE-2018-7754
@@ -5,10 +5,12 @@ References:
Notes:
carnil> Likely as other reports from "ADLab of VenusTech" not reported to
carnil> upstream?
+ bwh> The upstream fix was to obscure logged pointer values by
+ bwh> default.
Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
+upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57]
+4.9-upstream-stable: ignored "debugfs restricted to root by default"
+3.16-upstream-stable: ignored "debugfs restricted to root by default"
+sid: released (4.15.4-1)
+4.9-stretch-security: ignored "debugfs restricted to root by default"
+3.16-jessie-security: ignored "debugfs restricted to root by default"
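Review bot: carnil's question in the unchanged context ("not reported to upstream?") is left in place while upstream is now marked released with commit ad67b74d2469, so the Notes section reads as contradictory; the new bwh> note could answer it directly. The note also mentions only "logged pointer values", while all four ignored lines give "debugfs restricted to root by default" as the reason; adding a sentence that ties the disclosure to debugfs would connect the note to the status. It is also worth stating why the upstream-stable branches are ignored here when the entries for CVE-2018-5953 and CVE-2018-5995, which cite the same upstream commit, leave them at "needed".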
diff --git a/active/CVE-2018-9516 b/active/CVE-2018-9516
index f27b6943..b84352cb 100644
--- a/active/CVE-2018-9516
+++ b/active/CVE-2018-9516
@@ -5,7 +5,7 @@ Notes:
Bugs:
upstream: released (v4.18-rc5) [717adfdaf14704fd3ec7fa2c04520c0723247eac]
4.9-upstream-stable: released (4.9.112) [4a30c12542290f1def08b9ef0d677c024c500589]
-3.16-upstream-stable:
+3.16-upstream-stable: needed
sid: released (4.17.6-1)
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
diff --git a/active/CVE-2018-9517 b/active/CVE-2018-9517
index bdbe85bb..2b253034 100644
--- a/active/CVE-2018-9517
+++ b/active/CVE-2018-9517
@@ -4,8 +4,8 @@ References:
Notes:
Bugs:
upstream: released (v4.14-rc1) [f026bc29a8e093edfbb2a77700454b285c97e8ad]
-4.9-upstream-stable:
-3.16-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: released (3.16.51) [0b3ca265e81f5e1d9f7f66ad416cbabecca914cf]
sid: released (4.14.2-1)
-4.9-stretch-security:
-3.16-jessie-security:
+4.9-stretch-security: needed
+3.16-jessie-security: released (3.16.51-1)