Add initial draft for linux DSA for CVE-2018-8897 and CVE-2018-1087

1 files changed, 29 insertions, 0 deletions

diff --git a/dsa-texts/4.9.88-1+deb9u1 b/dsa-texts/4.9.88-1+deb9u1
new file mode 100644
index 00000000..36589c8d
--- /dev/null
+++ b/dsa-texts/4.9.88-1+deb9u1
@@ -0,0 +1,29 @@
+Package        : linux
+CVE ID         : CVE-2018-1087 CVE-2018-8897
+
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation or denial of service.
+
+CVE-2018-1087
+
+    Andy Lutomirski discovered that KVM the implementation did not
+    properly handle #DB exceptions while deferred by MOV SS/POP SS,
+    allowing an unprivileged KVM guest user to crash the guest or
+    potentially escalate their privileges in the guest.
+
+CVE-2018-8897
+
+    Nick Peterson of Everdox Tech LLC discovered that #DB exceptions
+    that are deferred by MOV SS or POP SS are not properly handled,
+    allowing an unprivileged user to crash the kernel and cause a denial
+    of service.
+
+For the oldstable distribution (jessie), these problems have been fixed
+in 3.16.56-1+deb8u1. This update includes various fixes for regressions
+from 3.16.56-1 as released in DSA-4187-1 (Cf. #897427, #898067 and
+#898100).
+
+For the stable distribution (stretch), these problems have been fixed in
+4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1 was
+temporarily reverted due to various regression, cf. #897599.