author Ben Hutchings <benh@debian.org> 2017-12-22 22:40:44 +0000
committer Ben Hutchings <benh@debian.org> 2017-12-22 22:40:44 +0000
commit e09f65df9f6064cf27d5a589af08aa5da734845b (patch)
tree 0b197349b963a9075ec223d2d652c4301b2bdfbc /dsa-texts/4.9.65-3+deb9u1
parent 15268f132b28791fbc5086a355fd8f47f915d10f (diff)
Paste issue descriptions from DLA-1200-1
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5817 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/4.9.65-3+deb9u1')
-rw-r--r-- dsa-texts/4.9.65-3+deb9u1 14
1 files changed, 14 insertions, 0 deletions
diff --git a/dsa-texts/4.9.65-3+deb9u1 b/dsa-texts/4.9.65-3+deb9u1
index d2c194af..8bd3be70 100644
--- a/dsa-texts/4.9.65-3+deb9u1
+++ b/dsa-texts/4.9.65-3+deb9u1
@@ -10,6 +10,15 @@ leaks.
CVE-2017-8824
+ Mohamed Ghannam discovered that the DCCP implementation did not
+ correctly manage resources when a socket is disconnected and
+ reconnected, potentially leading to a use-after-free. A local
+ user could use this for denial of service (crash or data
+ corruption) or possibly for privilege escalation. On systems that
+ do not already have the dccp module loaded, this can be mitigated
+ by disabling it:
+ echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
+
CVE-2017-16538
CVE-2017-16644
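Review bot: The mitigation command on the last added line of the CVE-2017-8824 paragraph puts the redirection between `echo` and its arguments and leaves `install dccp false` unquoted, so at a glance it reads as if the file name were being echoed. The shell accepts it, but `echo 'install dccp false' >> /etc/modprobe.d/disable-dccp.conf` is unambiguous and survives copy and paste better. The command also sits at the same indentation as the paragraph text, so setting it off with extra indentation would make it easier to spot. Since the paragraph limits the mitigation to "systems that do not already have the dccp module loaded", consider adding how to check that, for example with `lsmod`.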
@@ -36,6 +45,11 @@ CVE-2017-17807
CVE-2017-1000407
+ Andrew Honig reported that the KVM implementation for Intel
+ processors allowed direct access to host I/O port 0x80, which
+ is not generally safe. On some systems this allows a guest
+ VM to cause a denial of service (crash) of the host.
+
CVE-2017-1000410
For the stable distribution (stretch), these problems have been fixed
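Review bot: The CVE-2017-1000407 paragraph says direct access to host I/O port 0x80 "is not generally safe" and that the host crash occurs "on some systems", but gives the reader nothing to act on. The CVE-2017-8824 entry above offers a mitigation; this one neither offers one nor says that none exists. Suggest adding a sentence on whether there is a workaround short of upgrading, and stating what access inside the guest is required if that is known, so administrators of KVM hosts can judge their exposure.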
