author: Salvatore Bonaccorso <carnil@debian.org> 2019-09-26 21:24:41 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-09-26 21:24:41 +0200
commit: 4a1ec8a605e7b520d9d9386068c181bef1dbce16
tree: be791c8ab84493e3e3ef5a183eac06e5e92ef351 /retired
parent: 08b161a66936c0baae175db892aa978ac5cebb8a
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2019-14835 16
-rw-r--r-- retired/CVE-2019-15117 14
-rw-r--r-- retired/CVE-2019-15118 16
-rw-r--r-- retired/CVE-2019-15538 16
4 files changed, 62 insertions, 0 deletions
diff --git a/retired/CVE-2019-14835 b/retired/CVE-2019-14835
new file mode 100644
index 000000000..3ade6ed31
--- /dev/null
+++ b/retired/CVE-2019-14835
@@ -0,0 +1,16 @@
+Description: vhost: make sure log_num < in_num
+References:
+ https://www.openwall.com/lists/oss-security/2019/09/17/1
+ https://blade.tencent.com/en/advisories/v-ghost/
+Notes:
+ carnil> commit fixes 3a4d5c94e959 ("vhost_net: a kernel-level virtio
+ carnil> server") present in all supported releases.
+Bugs:
+upstream: released (5.3) [060423bfdee3f8bc6e2c1bac97de24d5415e2bc4]
+4.19-upstream-stable: released (4.19.73) [ba03ee62aed0b0ee2eadfeb4a2fecc7d7eb47871]
+4.9-upstream-stable: released (4.9.193) [8d8276867b5ac539f1d6e166a028b51c8b1ceda8]
+3.16-upstream-stable: released (3.16.74) [8041c3ee83638f34d4c6b52f432601ad12ea4850]
+sid: released (5.2.17-1)
+4.19-buster-security: released (4.19.67-2+deb10u1) [bugfix/all/vhost-make-sure-log_num-in_num.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u1) [bugfix/all/vhost-make-sure-log_num-in_num.patch]
+3.16-jessie-security: released (3.16.74-1)
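Review bot: In the Notes block, "commit fixes 3a4d5c94e959 (...) present in all supported releases" is ambiguous, because it can be read as saying the fix is present everywhere rather than the vulnerable code. Wording it the way the CVE-2019-15538 entry does would remove the doubt, for example: Introduced in 3a4d5c94e959 ("vhost_net: a kernel-level virtio server"), present in all supported releases. The Bugs: field is also empty; if a bug report exists for this issue, reference it before the entry is retired.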
diff --git a/retired/CVE-2019-15117 b/retired/CVE-2019-15117
new file mode 100644
index 000000000..3dc277222
--- /dev/null
+++ b/retired/CVE-2019-15117
@@ -0,0 +1,14 @@
+Description: ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c
+ https://lore.kernel.org/lkml/20190814023625.21683-1-benquike@gmail.com/
+Notes:
+Bugs:
+upstream: released (5.3-rc5) [daac07156b330b18eb5071aec4b3ddca1c377f2c]
+4.19-upstream-stable: released (4.19.68) [58b9f19ee438990f6406e61943d0bc7c875a0921]
+4.9-upstream-stable: released (4.9.191) [53856af73d8577a4017b9762d7406f47df192bed]
+3.16-upstream-stable: released (3.16.74) [b5807684982f4dd978a2a5496514ecc3132bce91]
+sid: released (5.2.17-1)
+4.19-buster-security: released (4.19.67-2+deb10u1) [bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u1) [bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_u.patch]
+3.16-jessie-security: released (3.16.74-1)
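Review bot: Notes: is empty in this entry, so nothing records which commit introduced the OOB bug in parse_audio_mixer_unit or why every branch down to 3.16 needed the fix. A one-line "Introduced in ..." note, as in the CVE-2019-14835 and CVE-2019-15538 entries, would make the retired record self-explanatory. It is also worth confirming on the 4.9-stretch-security line that the shortened patch name (ending in parse_audio_mixer_u.patch) matches the file in that branch, since the buster line uses the full name.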
diff --git a/retired/CVE-2019-15118 b/retired/CVE-2019-15118
new file mode 100644
index 000000000..cf763bcc7
--- /dev/null
+++ b/retired/CVE-2019-15118
@@ -0,0 +1,16 @@
+Description: ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18
+ https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com/
+Notes:
+ bwh> This is actually a stack overflow (unbounded recursion), not a
+ bwh> stack buffer overflow.
+Bugs:
+upstream: released (5.3-rc5) [19bce474c45be69a284ecee660aa12d8f1e88f18]
+4.19-upstream-stable: released (4.19.68) [46f9a1bc60a4c15a14a6504168cee1c2e0bf3ab4]
+4.9-upstream-stable: released (4.9.191) [2bac3a35488148f066d355ebfe44a872aa9a7546]
+3.16-upstream-stable: released (3.16.74) [d6e2b6dd35b6f83fd0166745d8ca65f191a3a468]
+sid: released (5.2.17-1)
+4.19-buster-security: released (4.19.67-2+deb10u1) [bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u1) [bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-ch.patch]
+3.16-jessie-security: released (3.16.74-1)
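Review bot: The Description line says "stack buffer overflow" while the bwh note directly below it says the bug is a stack overflow from unbounded recursion, so anyone searching on the description will file this under the wrong bug class. If the Description has to mirror the upstream commit subject, keep it, but consider extending the note to say explicitly that the upstream subject is inaccurate and that the recursion is in check_input_term, so the correction survives when only the first lines of the entry are read.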
diff --git a/retired/CVE-2019-15538 b/retired/CVE-2019-15538
new file mode 100644
index 000000000..e5227b9ae
--- /dev/null
+++ b/retired/CVE-2019-15538
@@ -0,0 +1,16 @@
+Description: xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
+References:
+ https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=xfs-5.3-fixes-6&id=1fb254aa983bf190cfd685d40c64a480a9bafaee
+ https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/
+Notes:
+ carnil> Introduced in 253f4911f297 ("xfs: better xfs_trans_alloc
+ carnil> interface") in 4.7-rc1.
+Bugs:
+upstream: released (5.3-rc6) [1fb254aa983bf190cfd685d40c64a480a9bafaee]
+4.19-upstream-stable: released (4.19.69) [11f85d4d77afb8f1cb1989f1565b26df21280118]
+4.9-upstream-stable: released (4.9.191) [4862942c590646fe46e33ce4a6d35da4d8ee188e]
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.2.17-1)
+4.19-buster-security: released (4.19.67-2)
+4.9-stretch-security: released (4.9.189-2)
+3.16-jessie-security: N/A "Vulnerable code introduced later"
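Review bot: The 4.19-buster-security and 4.9-stretch-security lines list released versions (4.19.67-2 and 4.9.189-2) that predate the upstream stable releases carrying the fix (4.19.69 and 4.9.191), yet neither line names a patch file in brackets, unlike the other three entries in this commit. Add the [bugfix/...] patch reference to both lines so the backport can be traced from the tracker entry. The sid line is fine as it stands, since 5.2.17-1 is a newer upstream base.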
