diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2016-06-28 08:34:54 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2016-06-28 08:34:54 +0000 |
commit | 5995bb05fadb43acd248258147490c1c08ae951a (patch) | |
tree | 434a620c1e69976405abcdc237a569473d83544a /retired/CVE-2016-3134 | |
parent | 98bb4c4104a3c0885f9feab828bf5cb178ec1fa1 (diff) |
Retire several CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4499 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2016-3134')
-rw-r--r-- | retired/CVE-2016-3134 | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2016-3134 b/retired/CVE-2016-3134 new file mode 100644 index 00000000..381ac247 --- /dev/null +++ b/retired/CVE-2016-3134 @@ -0,0 +1,19 @@ +Description: netfilter IPT_SO_SET_REPLACE memory corruption +References: + https://code.google.com/p/google-security-research/issues/detail?id=758 + https://patchwork.ozlabs.org/patch/595575/ + https://patchwork.ozlabs.org/patch/599721/ + http://marc.info/?l=netfilter-devel&m=145757134822741&w=2 + https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=bdf533de6968e9686df777dc178486f600c6e617 + https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 +Notes: + carnil> Can be triggered by an unprivileged user on PF_INET sockets when + carnil> unprivileged user namespaces are available (CONFIG_USER_NS=y) + bwh> The upstream fixes (in davem/net.git) are the last two listed above +Bugs: +upstream: released (4.6-rc2) [bdf533de6968e9686df777dc178486f600c6e617, 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91] +3.16-upstream-stable: released (3.16.35) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch] +3.2-upstream-stable: released (3.2.80) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch] +sid: released (4.5.1-1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch] +3.2-wheezy-security: released (3.2.81-1) |