author: Moritz Muehlenhoff <jmm@debian.org> 2018-10-10 16:08:10 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2018-10-10 16:08:10 +0200
commit: e58840f1b07272348f16568187550f5c219ee2eb
tree: b971c0cfbc0ac9ff0560015a7861cbb6560c73ae /retired/CVE-2018-14634
parent: 57b924820eb68766ff307bf9efd9f1d318dd0a34
retire more issues
Diffstat (limited to 'retired/CVE-2018-14634')
-rw-r--r-- retired/CVE-2018-14634 15
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2018-14634 b/retired/CVE-2018-14634
new file mode 100644
index 00000000..82c3b977
--- /dev/null
+++ b/retired/CVE-2018-14634
@@ -0,0 +1,15 @@
+Description: Integer overflow in Linux's create_elf_tables()
+References:
+ https://www.openwall.com/lists/oss-security/2018/09/25/4
+Notes:
+ carnil> Kernels with commit b6a2fea39318 ("mm: variable length argument
+ carnil> support"), but without commit da029c11e6b1 ("exec: Limit arg
+ carnil> stack to at most 75% of _STK_LIM") are exploitable.
+ carnil> For sid branch fixed in 4.12.6, as the fix landed in 4.12.3
+Bugs:
+upstream: released (4.13-rc1) [da029c11e6b12f321f36dac8771e833b65cec962]
+4.9-upstream-stable: released (4.9.39) [f31c4f65dd09319ba21cf825fa36daf0c1ddf958]
+3.16-upstream-stable: released (3.16.59) [exec-limit-arg-stack-to-at-most-75-of-_stk_lim.patch]
+sid: released (4.12.6-1)
+4.9-stretch-security: released (4.9.47-1)
+3.16-jessie-security: released (3.16.59-1)
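
Review bot: In the Notes block, the claim that the fix "landed in 4.12.3" is the only justification for the "sid: released (4.12.6-1)" line, yet it carries no commit id, while the upstream, 4.9 and 3.16 status lines each name the commit or patch file that delivers da029c11e6b1. Suggest adding the 4.12.y stable commit id to that note so the sid entry can be verified the same way as the other branches. The Notes also describe a vulnerable window bounded by b6a2fea39318, but do not say in which release that commit first appeared, so a reader cannot tell from this file alone which older kernels fall outside the window; a short note with that version would help. Finally, "Bugs:" is left empty; worth confirming that no Debian bug was filed for this issue before the file is retired.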
