diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2018-10-10 15:42:34 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2018-10-10 15:42:34 +0200 |
commit | 640652abe2d9a7d6c4c9c1bc307ec9b3b9f49993 (patch) | |
tree | 7f81e702764bafdebcd2b6836dd5cba0ba7a4803 /retired/CVE-2018-5390 | |
parent | 15b06e74c765fae2073919fd9486e64ad9b8b05e (diff) |
retire some issues
Diffstat (limited to 'retired/CVE-2018-5390')
-rw-r--r-- | retired/CVE-2018-5390 | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2018-5390 b/retired/CVE-2018-5390 new file mode 100644 index 00000000..ef26c5ee --- /dev/null +++ b/retired/CVE-2018-5390 @@ -0,0 +1,16 @@ +Description: Linux Kernel TCP implementation vulnerable to Denial of Service +References: + https://www.kb.cert.org/vuls/id/962459 + https://twitter.com/grsecurity/status/1021536610855333888 + https://patchwork.ozlabs.org/cover/947860/ + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e +Notes: + carnil> Adressed in 4.14.59, 4.9.116, 4.17.11 + carnil> There is a second issue which is not fixed here. +Bugs: +upstream: released (4.18-rc7) [72cd43ba64fc172a443410ce01645895850844c8, f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7, 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf, 8541b21e781a22dce52a74fef0b9bed00404a1cd, 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c] +4.9-upstream-stable: released (4.9.116) [2d08921c8da26bdce3d8848ef6f32068f594d7d4, fdf258ed5dd85b57cf0e0e66500be98d38d42d02, a878681484a0992ee3dfbd7826439951f9f82a69, 94623c7463f3424776408df2733012c42b52395a] +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (4.17.14-1) +4.9-stretch-security: released (4.9.110-3+deb9u1) [bugfix/all/tcp-free-batches-of-packets-in-tcp_prune_ofo_queue.patch, bugfix/all/tcp-avoid-collapses-in-tcp_prune_queue-if-possible.patch, bugfix/all/tcp-detect-malicious-patterns-in-tcp_collapse_ofo_qu.patch, bugfix/all/tcp-call-tcp_drop-from-tcp_data_queue_ofo.patch] +3.16-jessie-security: N/A "Vulnerable code introduced later" |