diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2017-05-06 12:48:08 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-05-06 12:48:08 +0000 |
commit | c2cebaf26d320e937c6936932f4301e1f9eb5888 (patch) | |
tree | 3c5dd8de5c9958290b672fa16bc93a63aec7e9a1 /retired/CVE-2017-5967 | |
parent | ca3705be4bddd668c035e38f875a38790d2ea5d3 (diff) |
Retire two more CVEs (either released or ignored upstream)
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5269 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2017-5967')
-rw-r--r-- | retired/CVE-2017-5967 | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2017-5967 b/retired/CVE-2017-5967 new file mode 100644 index 00000000..4dd1814b --- /dev/null +++ b/retired/CVE-2017-5967 @@ -0,0 +1,17 @@ +Description: The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. +References: + https://bugzilla.kernel.org/show_bug.cgi?id=193921 +Notes: + bwh> The upstream "fix" for this is to remove the feature, as it is + bwh> redundant with tracing. I don't think that change is + bwh> acceptable for stable branches, other than possibly 4.9. We + bwh> could instead prevent processes outside the initial pid + bwh> namespace from opening the file. +Bugs: +upstream: released (4.11-rc1) [dfb4357da6ddbdf57d583ba64361c9d792b0e0b1] +4.9-upstream-stable: needed +3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting" +3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting" +sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch] +3.16-jessie-security: released (3.16.43-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch] +3.2-wheezy-security: released (3.2.88-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch] |