diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2019-02-11 18:32:04 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-02-11 18:33:12 +0000 |
commit | b32ac4da57bf986bac035265840455b6466eba8e (patch) | |
tree | e015f174f428f3738b48047a15c911f1be377762 /retired/CVE-2017-5967 | |
parent | fd6c28efeba055ab4bacc948f08fefee9b8c714d (diff) |
Bring CVE-2017-5967 out of retirement
Due to my confusion between the two timer-related files in procfs,
this is still unfixed in jessie and stretch.
Diffstat (limited to 'retired/CVE-2017-5967')
-rw-r--r-- | retired/CVE-2017-5967 | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/retired/CVE-2017-5967 b/retired/CVE-2017-5967 deleted file mode 100644 index 4dd1814b..00000000 --- a/retired/CVE-2017-5967 +++ /dev/null @@ -1,17 +0,0 @@ -Description: The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. -References: - https://bugzilla.kernel.org/show_bug.cgi?id=193921 -Notes: - bwh> The upstream "fix" for this is to remove the feature, as it is - bwh> redundant with tracing. I don't think that change is - bwh> acceptable for stable branches, other than possibly 4.9. We - bwh> could instead prevent processes outside the initial pid - bwh> namespace from opening the file. -Bugs: -upstream: released (4.11-rc1) [dfb4357da6ddbdf57d583ba64361c9d792b0e0b1] -4.9-upstream-stable: needed -3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting" -3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting" -sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch] -3.16-jessie-security: released (3.16.43-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch] -3.2-wheezy-security: released (3.2.88-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch] |