author Ben Hutchings <ben@decadent.org.uk> 2018-09-30 23:39:02 +0100
committer Ben Hutchings <ben@decadent.org.uk> 2018-09-30 23:39:38 +0100
commit 4f77e7116f8f00ef0517f77ba016abef1f492434 (patch)
tree 4c26a68e3a687df202b6f41881b44d218e3b177e /dsa-texts/4.9.110-3+deb9u5
parent 4a8d4c8359fbe217f0f56a933f923118f473080d (diff)
Add DSA text for all remaining issues fixed in 4.9.110-3+deb9u5
Diffstat (limited to 'dsa-texts/4.9.110-3+deb9u5')
-rw-r--r-- dsa-texts/4.9.110-3+deb9u5 64
1 files changed, 52 insertions, 12 deletions
diff --git a/dsa-texts/4.9.110-3+deb9u5 b/dsa-texts/4.9.110-3+deb9u5
index ab689bc3..0516b9dc 100644
--- a/dsa-texts/4.9.110-3+deb9u5
+++ b/dsa-texts/4.9.110-3+deb9u5
@@ -31,11 +31,20 @@ CVE-2018-7755
CVE-2018-9363
- Description
+ It was discovered that the Bluetooth HIDP implementation did not
+ correctly check the length of received report messages. A paired
+ HIDP device could use this to cause a buffer overflow, leading to
+ denial of service (memory corruption or crash) or potentially
+ remote code execution.
CVE-2018-9516
- Description
+ It was discovered that the HID events interface in debugfs did not
+ correctly limit the length of copies to user buffers. A local
+ user with access to these files could use this to cause a
+ denial of service (memory corruption or crash) or possibly for
+ privilege escalation. However, by default debugfs is only
+ accessible by the root user.
CVE-2018-10902
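Review bot: In the CVE-2018-9363 entry, "remote code execution" reads oddly next to "A paired HIDP device", because the attacker the text describes is a paired Bluetooth peer and not an arbitrary network host. Consider "or potentially code execution by the paired device" so readers do not take this as network-reachable; the CVE-2018-9516 entry already scopes its attacker in this way with its closing sentence about debugfs being root-only by default.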
@@ -46,19 +55,31 @@ CVE-2018-10902
CVE-2018-10938
- Description
+ Yves Younan from Cisco reported that the Cipso IPv4 module did not
+ correctly check the length of IPv4 options. On custom kernels with
+ CONFIG_NETLABEL enabled, a remote attacker could use this to cause
+ a denial of service (hang).
CVE-2018-13099
- Description
+ Wen Xu from SSLab at Gatech reported a use-after-free bug in the
+ F2FS implementation. An attacker able to mount a crafted F2FS
+ volume could use this to cause a denial of service (crash or
+ memory corruption) or possibly for privilege escalation.
CVE-2018-14609
- Description
+ Wen Xu from SSLab at Gatech reported a potential null pointer
+ dereference in the F2FS implementation. An attacker able to mount
+ a crafted F2FS volume could use this to cause a denial of service
+ (crash).
CVE-2018-14617
- Description
+ Wen Xu from SSLab at Gatech reported a potential null pointer
+ dereference in the HFS+ implementation. An attacker able to mount
+ a crafted HFS+ volume could use this to cause a denial of service
+ (crash).
CVE-2018-14633
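Review bot: The CVE-2018-10938 entry limits the impact to "custom kernels with CONFIG_NETLABEL enabled" but never says outright that the packaged kernel configuration is unaffected. If that is the intent, state it directly, in the way the CVE-2018-9516 text does for debugfs with "However, by default ...". Minor: "Cipso" is normally written "CIPSO".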
@@ -70,27 +91,46 @@ CVE-2018-14633
CVE-2018-14678
- Description
+ M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the
+ kernel exit code used on amd64 systems running as Xen PV guests.
+ A local user could use this to cause a denial of service (crash).
CVE-2018-14734
- Description
+ A use-after-free bug was discovered in the InfiniBand
+ communication manager. A local user could use this to cause a
+ denial of service (crash or memory corruption) or possible for
+ privilege escalation.
CVE-2018-15572
- Description
+ Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and
+ Nael Abu-Ghazaleh, from University of California, Riverside,
+ reported a variant of Spectre variant 2, dubbed SpectreRSB. A
+ local user may be able to use this to read sensitive information
+ from processes owned by other users.
CVE-2018-15594
- Description
+ Nadav Amit reported that some indirect function calls used in
+ paravirtualised guests were vulnerable to Spectre variant 2. A
+ local user may be able to use this to read sensitive information
+ from the kernel.
CVE-2018-16276
- Description
+ Jann Horn discovered that the yurex driver did not correctly limit
+ the length of copies to user buffers. A local user with access to
+ a yurex device node could use this to cause a denial of service
+ (memory corruption or crash) or possibly for privilege escalation.
CVE-2018-16658
- Description
+ It was discovered that the cdrom driver does not correctly
+ validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user
+ with access to a cdrom device could use this to read sensitive
+ information from the kernel or to cause a denial of service
+ (crash).
CVE-2018-17182
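Review bot: Typo in the CVE-2018-14734 entry: "or possible for privilege escalation" should read "or possibly for privilege escalation", matching the CVE-2018-16276 entry in the same hunk. The CVE-2018-16658 text also switches to the present tense ("does not correctly validate") where the other entries use the past tense ("did not correctly limit"); suggest "did not" for consistency.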
