author | Ben Hutchings <ben@decadent.org.uk> | 2018-09-30 23:39:02 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2018-09-30 23:39:38 +0100 |
commit | 4f77e7116f8f00ef0517f77ba016abef1f492434 (patch) | |
tree | 4c26a68e3a687df202b6f41881b44d218e3b177e /dsa-texts/4.9.110-3+deb9u5 | |
parent | 4a8d4c8359fbe217f0f56a933f923118f473080d (diff) |
Add DSA text for all remaining issues fixed in 4.9.110-3+deb9u5
Diffstat (limited to 'dsa-texts/4.9.110-3+deb9u5')
-rw-r--r-- | dsa-texts/4.9.110-3+deb9u5 | 64 |
1 files changed, 52 insertions, 12 deletions
diff --git a/dsa-texts/4.9.110-3+deb9u5 b/dsa-texts/4.9.110-3+deb9u5 index ab689bc3..0516b9dc 100644 --- a/dsa-texts/4.9.110-3+deb9u5 +++ b/dsa-texts/4.9.110-3+deb9u5 @@ -31,11 +31,20 @@ CVE-2018-7755 CVE-2018-9363 - Description + It was discovered that the Bluetooth HIDP implementation did not + correctly check the length of received report messages. A paired + HIDP device could use this to cause a buffer overflow, leading to + denial of service (memory corruption or crash) or potentially + remote code execution. CVE-2018-9516 - Description + It was discovered that the HID events interface in debugfs did not + correctly limit the length of copies to user buffers. A local + user with access to these files could use this to cause a + denial of service (memory corruption or crash) or possibly for + privilege escalation. However, by default debugfs is only + accessible by the root user. CVE-2018-10902 @@ -46,19 +55,31 @@ CVE-2018-10902 CVE-2018-10938 - Description + Yves Younan from Cisco reported that the Cipso IPv4 module did not + correctly check the length of IPv4 options. On custom kernels with + CONFIG_NETLABEL enabled, a remote attacker could use this to cause + a denial of service (hang). CVE-2018-13099 - Description + Wen Xu from SSLab at Gatech reported a use-after-free bug in the + F2FS implementation. An attacker able to mount a crafted F2FS + volume could use this to cause a denial of service (crash or + memory corruption) or possibly for privilege escalation. CVE-2018-14609 - Description + Wen Xu from SSLab at Gatech reported a potential null pointer + dereference in the F2FS implementation. An attacker able to mount + a crafted F2FS volume could use this to cause a denial of service + (crash). CVE-2018-14617 - Description + Wen Xu from SSLab at Gatech reported a potential null pointer + dereference in the HFS+ implementation. An attacker able to mount + a crafted HFS+ volume could use this to cause a denial of service + (crash). CVE-2018-14633 
@@ -70,27 +91,46 @@ CVE-2018-14633 CVE-2018-14678 - Description + M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the + kernel exit code used on amd64 systems running as Xen PV guests. + A local user could use this to cause a denial of service (crash). CVE-2018-14734 - Description + A use-after-free bug was discovered in the InfiniBand + communication manager. A local user could use this to cause a + denial of service (crash or memory corruption) or possible for + privilege escalation. CVE-2018-15572 - Description + Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and + Nael Abu-Ghazaleh, from University of California, Riverside, + reported a variant of Spectre variant 2, dubbed SpectreRSB. A + local user may be able to use this to read sensitive information + from processes owned by other users. CVE-2018-15594 - Description + Nadav Amit reported that some indirect function calls used in + paravirtualised guests were vulnerable to Spectre variant 2. A + local user may be able to use this to read sensitive information + from the kernel. CVE-2018-16276 - Description + Jann Horn discovered that the yurex driver did not correctly limit + the length of copies to user buffers. A local user with access to + a yurex device node could use this to cause a denial of service + (memory corruption or crash) or possibly for privilege escalation. CVE-2018-16658 - Description + It was discovered that the cdrom driver does not correctly + validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user + with access to a cdrom device could use this to read sensitive + information from the kernel or to cause a denial of service + (crash). CVE-2018-17182 |
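Review bot: in the first hunk (@@ -31,11 +31,20), the CVE-2018-9363 entry says "or potentially remote code execution", while the other entries added by this patch use "possibly" for the less certain impact (for example "or possibly for privilege escalation" under CVE-2018-9516). Use one word throughout so that readers do not infer a difference in likelihood from the wording alone.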
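Review bot: in the second hunk (@@ -46,19 +55,31), the CVE-2018-10938 entry writes "Cipso IPv4 module"; CIPSO is an acronym and should be capitalised. The same entry restricts the issue to "custom kernels with CONFIG_NETLABEL enabled", which only implies that the packaged kernels are unaffected; if that is the intent, say so directly so that users of the stock kernel know they need not act on this CVE.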
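Review bot: in the third hunk (@@ -70,27 +91,46), the CVE-2018-14734 entry has "or possible for privilege escalation", which should read "or possibly for privilege escalation" as in the CVE-2018-16276 entry. The CVE-2018-16658 entry also switches to the present tense ("does not correctly validate") where the other entries use "did not"; past tense would match the rest of the text.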