| author | Salvatore Bonaccorso <carnil@debian.org> | 2019-09-26 21:24:41 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-09-26 21:24:41 +0200 |
| commit | 4a1ec8a605e7b520d9d9386068c181bef1dbce16 | |
| tree | be791c8ab84493e3e3ef5a183eac06e5e92ef351 /retired | |
| parent | 08b161a66936c0baae175db892aa978ac5cebb8a | |
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2019-14835 | 16 |
-rw-r--r-- | retired/CVE-2019-15117 | 14 |
-rw-r--r-- | retired/CVE-2019-15118 | 16 |
-rw-r--r-- | retired/CVE-2019-15538 | 16 |
4 files changed, 62 insertions, 0 deletions
diff --git a/retired/CVE-2019-14835 b/retired/CVE-2019-14835 new file mode 100644 index 000000000..3ade6ed31 --- /dev/null +++ b/retired/CVE-2019-14835 @@ -0,0 +1,16 @@ +Description: vhost: make sure log_num < in_num +References: + https://www.openwall.com/lists/oss-security/2019/09/17/1 + https://blade.tencent.com/en/advisories/v-ghost/ +Notes: + carnil> commit fixes 3a4d5c94e959 ("vhost_net: a kernel-level virtio + carnil> server") present in all supported releases. +Bugs: +upstream: released (5.3) [060423bfdee3f8bc6e2c1bac97de24d5415e2bc4] +4.19-upstream-stable: released (4.19.73) [ba03ee62aed0b0ee2eadfeb4a2fecc7d7eb47871] +4.9-upstream-stable: released (4.9.193) [8d8276867b5ac539f1d6e166a028b51c8b1ceda8] +3.16-upstream-stable: released (3.16.74) [8041c3ee83638f34d4c6b52f432601ad12ea4850] +sid: released (5.2.17-1) +4.19-buster-security: released (4.19.67-2+deb10u1) [bugfix/all/vhost-make-sure-log_num-in_num.patch] +4.9-stretch-security: released (4.9.189-3+deb9u1) [bugfix/all/vhost-make-sure-log_num-in_num.patch] +3.16-jessie-security: released (3.16.74-1) diff --git a/retired/CVE-2019-15117 b/retired/CVE-2019-15117 new file mode 100644 index 000000000..3dc277222 --- /dev/null +++ b/retired/CVE-2019-15117 
@@ -0,0 +1,14 @@ +Description: ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit +References: + https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c + https://lore.kernel.org/lkml/20190814023625.21683-1-benquike@gmail.com/ +Notes: +Bugs: +upstream: released (5.3-rc5) [daac07156b330b18eb5071aec4b3ddca1c377f2c] +4.19-upstream-stable: released (4.19.68) [58b9f19ee438990f6406e61943d0bc7c875a0921] +4.9-upstream-stable: released (4.9.191) [53856af73d8577a4017b9762d7406f47df192bed] +3.16-upstream-stable: released (3.16.74) [b5807684982f4dd978a2a5496514ecc3132bce91] +sid: released (5.2.17-1) +4.19-buster-security: released (4.19.67-2+deb10u1) [bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch] +4.9-stretch-security: released (4.9.189-3+deb9u1) [bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_u.patch] +3.16-jessie-security: released (3.16.74-1) diff --git a/retired/CVE-2019-15118 b/retired/CVE-2019-15118 new file mode 100644 index 000000000..cf763bcc7 --- /dev/null +++ b/retired/CVE-2019-15118 
@@ -0,0 +1,16 @@ +Description: ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term +References: + https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 + https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com/ +Notes: + bwh> This is actually a stack overflow (unbounded recursion), not a + bwh> stack buffer overflow. +Bugs: +upstream: released (5.3-rc5) [19bce474c45be69a284ecee660aa12d8f1e88f18] +4.19-upstream-stable: released (4.19.68) [46f9a1bc60a4c15a14a6504168cee1c2e0bf3ab4] +4.9-upstream-stable: released (4.9.191) [2bac3a35488148f066d355ebfe44a872aa9a7546] +3.16-upstream-stable: released (3.16.74) [d6e2b6dd35b6f83fd0166745d8ca65f191a3a468] +sid: released (5.2.17-1) +4.19-buster-security: released (4.19.67-2+deb10u1) [bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch] +4.9-stretch-security: released (4.9.189-3+deb9u1) [bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-ch.patch] +3.16-jessie-security: released (3.16.74-1) diff --git a/retired/CVE-2019-15538 b/retired/CVE-2019-15538 new file mode 100644 index 000000000..e5227b9ae --- /dev/null +++ b/retired/CVE-2019-15538 
@@ -0,0 +1,16 @@ +Description: xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT +References: + https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=xfs-5.3-fixes-6&id=1fb254aa983bf190cfd685d40c64a480a9bafaee + https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/ +Notes: + carnil> Introduced in 253f4911f297 ("xfs: better xfs_trans_alloc + carnil> interface") in 4.7-rc1. +Bugs: +upstream: released (5.3-rc6) [1fb254aa983bf190cfd685d40c64a480a9bafaee] +4.19-upstream-stable: released (4.19.69) [11f85d4d77afb8f1cb1989f1565b26df21280118] +4.9-upstream-stable: released (4.9.191) [4862942c590646fe46e33ce4a6d35da4d8ee188e] +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.2.17-1) +4.19-buster-security: released (4.19.67-2) +4.9-stretch-security: released (4.9.189-2) +3.16-jessie-security: N/A "Vulnerable code introduced later" |
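Review bot: In retired/CVE-2019-14835, the Notes wording "commit fixes 3a4d5c94e959 (...)" is easy to misread as saying that 3a4d5c94e959 is the fix. The rest of the sentence ("present in all supported releases") indicates it appears to name the commit that introduced the bug. Consider the phrasing already used in retired/CVE-2019-15538, "Introduced in 253f4911f297 (...)", so the files added here read consistently.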
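Review bot: In retired/CVE-2019-15117, the 4.9-stretch-security line references a patch name ending in "parse_audio_mixer_u.patch", while the 4.19-buster-security line has the full "parse_audio_mixer_unit.patch". Please confirm the shortened name is the actual file name in the stretch packaging branch and not a copy error, since this entry is what people follow to locate the backport. The Notes: field is also left empty. If nothing is known about the introducing commit, that is fine, but the other files in this commit record one where it is known.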
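Review bot: In retired/CVE-2019-15118, the Description line still says "stack buffer overflow" while the bwh note directly below states it is a stack overflow from unbounded recursion. Anyone reading only the Description gets the wrong bug class. If the Description has to mirror the upstream commit subject, keep it, but make sure the bwh correction stays attached to this entry wherever the Description is reused. The 4.9-stretch-security patch name ("...bug-in-ch.patch") is also shortened relative to the buster one and is worth checking against the actual file.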
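Review bot: In retired/CVE-2019-15538, the 4.19-buster-security and 4.9-stretch-security lines record "released (4.19.67-2)" and "released (4.9.189-2)" with no bracketed patch name, although the upstream stable fixes are listed as 4.19.69 and 4.9.191, both later than those base versions. The other three files in this commit give a [bugfix/all/...patch] reference on the corresponding lines. If the fix was carried as a backported patch in those uploads, please add the patch file names so the released status can be verified from the entry.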