Retire several CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5347 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 15 insertions, 0 deletions

diff --git a/retired/CVE-2017-7184 b/retired/CVE-2017-7184
new file mode 100644
index 00000000..8e29f474
--- /dev/null
+++ b/retired/CVE-2017-7184
@@ -0,0 +1,15 @@
+Description: Missing range checks in xfrm_user allow heap buffer overflow and privilege escalation
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184
+Notes:
+ bwh> xfrm_user is only accessible with CAP_NET_ADMIN capability (in any
+ bwh> user namespace).  So this is not exploitable by unprivileged users
+ bwh> in a default Debian configuration.
+Bugs:
+upstream: released (4.11-rc5) [677e806da4d916052585301785d847c3b3e6186a, f843ee6dd019bcece3e74e76ad9df0155655d0df]
+4.9-upstream-stable: released (4.9.20) [64a5465799ee40e3d54d9da3037934cd4b7b502f, 79191ea36dc9be10a9c9b03d6b341ed2d2f76045]
+3.16-upstream-stable: released (3.16.44) [811f5600db1a0a9c4f1abad5017e09f43d7088f3, fda265baa45b630675359db3699bb68350c4b907]
+3.2-upstream-stable: released (3.2.89) [04dba730e9d4798184b4769f74ef14c20f8c6f9a, 4d09fd3505c59374e599a29918ca40059be3d554]
+sid: released (4.9.18-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
+3.16-jessie-security: released (3.16.43-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
+3.2-wheezy-security: released (3.2.88-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]