diff options
author | Ben Hutchings <benh@debian.org> | 2015-02-24 00:21:46 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2015-02-24 00:21:46 +0000 |
commit | 47ad07b4e1490ba4bed785439fdeab458baafb6d (patch) | |
tree | 369e8c9faff3006c4d24b2644e1039a148afa340 /retired | |
parent | eb7f895348214dcc56d2ad7dd9be20dcd1cf07bb (diff) |
Retire CVE-2013-7421/CVE-2014-9644 and CVE-2014-8559
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3698 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2013-7421 | 13 | ||||
-rw-r--r-- | retired/CVE-2014-8559 | 20 | ||||
-rw-r--r-- | retired/CVE-2014-9644 | 13 |
3 files changed, 46 insertions, 0 deletions
diff --git a/retired/CVE-2013-7421 b/retired/CVE-2013-7421 new file mode 100644 index 00000000..682dd209 --- /dev/null +++ b/retired/CVE-2013-7421 @@ -0,0 +1,13 @@ +Description: crypto api unprivileged arbitrary module load +References: +Notes: + jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4 + jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical +Bugs: +upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf] +2.6.32-upstream-stable: N/A "Introduced in 2.6.38" +sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch] +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch] +2.6.32-squeeze-security: N/A "Introduced in 2.6.38" +3.16-upstream-stable: released (3.16.7-ckt6) +3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch] diff --git a/retired/CVE-2014-8559 b/retired/CVE-2014-8559 new file mode 100644 index 00000000..e7577e75 --- /dev/null +++ b/retired/CVE-2014-8559 @@ -0,0 +1,20 @@ +Description: dead lock in dcache +References: + https://lkml.org/lkml/2014/10/25/171 + https://lkml.org/lkml/2014/10/25/179 + https://lkml.org/lkml/2014/10/25/180 + https://lkml.org/lkml/2014/10/26/101 + https://lkml.org/lkml/2014/10/26/116 + https://lkml.org/lkml/2014/10/26/129 +Notes: + According to https://lkml.org/lkml/2014/10/25/179 this was introduced + by "fs: dcache avoid starvation in dcache multi-step operations", i.e. + commit 58db63d08679 in 2.6.38-rc1. +Bugs: +upstream: released (3.19-rc1) [946e51f2bf37f1656916eb75bd0742ba33983c28, ca5358ef75fc69fee5322a38a340f5739d997c10] +2.6.32-upstream-stable: N/A +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch, bugfix/all/deal-with-deadlock-in-d_walk.patch, bugfix/all/dcache-fix-locking-bugs-in-backported-deal-with-deadlock-in-d_walk.patch] +2.6.32-squeeze-security: N/A +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.66) [move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch, deal-with-deadlock-in-d_walk.patch] diff --git a/retired/CVE-2014-9644 b/retired/CVE-2014-9644 new file mode 100644 index 00000000..682dd209 --- /dev/null +++ b/retired/CVE-2014-9644 @@ -0,0 +1,13 @@ +Description: crypto api unprivileged arbitrary module load +References: +Notes: + jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4 + jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical +Bugs: +upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf] +2.6.32-upstream-stable: N/A "Introduced in 2.6.38" +sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch] +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch] +2.6.32-squeeze-security: N/A "Introduced in 2.6.38" +3.16-upstream-stable: released (3.16.7-ckt6) +3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch] |