diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2017-12-10 05:37:16 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-12-10 05:37:16 +0000 |
commit | 4f4de25a7b32551359a35554b6d277215d24a486 (patch) | |
tree | 4d13a00969ab2d336ea72b4ae6593860466349b9 /retired/CVE-2017-15299 | |
parent | 36da718870f5f51019d735ff35b4d9bf6e5e69ed (diff) |
Retire CVEs fixed everywhere
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5780 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2017-15299')
-rw-r--r-- | retired/CVE-2017-15299 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2017-15299 b/retired/CVE-2017-15299 new file mode 100644 index 00000000..2079e507 --- /dev/null +++ b/retired/CVE-2017-15299 @@ -0,0 +1,23 @@ +Description: Incorrect updates of uninstantiated keys crash the kernel +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1498016 + https://marc.info/?t=150654188100001&r=1&w=2 + https://marc.info/?t=150783958600011&r=1&w=2 +Notes: + carnil> The bug is not restricted to CONFIG_ENCRYPTED_KEYS=y + carnil> only, but the impact is different. As noted in the commit + carnil> message: "In the case of the "user" and "logon" key types + carnil> this causes a memory leak, at best. Maybe even worse, the + carnil> ->update() methods of the "encrypted" and "trusted" key types + carnil> actually just dereference a NULL pointer when passed an + carnil> uninstantiated key. + carnil> For 4.13.x fixed in 4.13.10 with 24a33a0c96f3e976c18e4321ca09f71cb835a9b5 +Bugs: +upstream: released (4.14-rc6) [60ff5b2f547af3828aebafd54daded44cfb0807a] +4.9-upstream-stable: released (4.9.59) [da0c7503c0b886784bf8bcb279c7d71c1e50c438] +3.16-upstream-stable: released (3.16.50) [24832178de3ab7b6fb42f2730d8d675e3d30adb2] +3.2-upstream-stable: released (3.2.95) [57f94e88bb255bf7b7d267c999aefbe4557307c1] +sid: released (4.13.10-1) +4.9-stretch-security: released (4.9.65-1) +3.16-jessie-security: released (3.16.51-1) +3.2-wheezy-security: released (3.2.96-1) |