diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2017-02-27 07:34:54 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-02-27 07:34:54 +0000 |
commit | 168752cc6fc4e21854fc4fa450139ed872c81f6d (patch) | |
tree | 4a4358d5f07316d5aaa10afed6380cb026940e56 /retired/CVE-2017-2618 | |
parent | 79e0fa160a992e5f828209260a0cb6d506251c3f (diff) |
Retire some CVEs fixed everywhere
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5025 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2017-2618')
-rw-r--r-- | retired/CVE-2017-2618 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2017-2618 b/retired/CVE-2017-2618 new file mode 100644 index 00000000..0e61321b --- /dev/null +++ b/retired/CVE-2017-2618 @@ -0,0 +1,20 @@ +Description: selinux: fix off-by-one in setprocattr +References: +Notes: + carnil> Possibly introduced in 3.5-rc1 with d6ea83ec6864e9297fa8b00ec3dae183413a90e3 + bwh> The off-by-one error was introduced in Linux 2.6.12 (just before + bwh> the switch to git), as a (very minor) information leak. The above + bwh> commit increased the security impact - writing exactly "\n" can + bwh> result in a buffer under-read and oops, which is what this CVE + bwh> describes. Later, commit bb646cdb12e7 "proc_pid_attr_write(): + bwh> switch to memdup_user()" reduced the buffer size so there is also + bwh> a buffer over-read. However, I think that has no additional impact + bwh> since even SLOB pads heap allocations to at least 2 bytes. +Bugs: +upstream: released (4.10-rc8) [0c461cb727d146c9ef2d3e86214f498b78b7d125] +4.9-upstream-stable: released (4.9.10) [6cbaf7b94373743deb42fd410173aab81f8945fe] +3.16-upstream-stable: released (3.16.41) [selinux-fix-off-by-one-in-setprocattr.patch] +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.9.10-1) +3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch] +3.2-wheezy-security: N/A "Vulnerable code not present" |