| author | Moritz Muehlenhoff <jmm@debian.org> | 2018-10-10 15:47:53 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2018-10-10 15:47:53 +0200 |
| commit | 57b924820eb68766ff307bf9efd9f1d318dd0a34 | |
| tree | 161f76920f61edbe4b748cb3e9317d731ba9a726 /retired | |
| parent | 640652abe2d9a7d6c4c9c1bc307ec9b3b9f49993 | |
Retire some issues
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2017-1000 | 16 |
-rw-r--r-- | retired/CVE-2017-18208 | 14 |
-rw-r--r-- | retired/CVE-2017-18255 | 13 |
-rw-r--r-- | retired/CVE-2018-10021 | 16 |
-rw-r--r-- | retired/CVE-2018-10087 | 15 |
-rw-r--r-- | retired/CVE-2018-10124 | 15 |
6 files changed, 89 insertions, 0 deletions
diff --git a/retired/CVE-2017-1000 b/retired/CVE-2017-1000 new file mode 100644 index 000000000..55af51953 --- /dev/null +++ b/retired/CVE-2017-1000 @@ -0,0 +1,16 @@ +Description: +References: + https://source.android.com/security/bulletin/pixel/2018-07-01 +Notes: + carnil> This is a duplication of CVE-2017-1000112. + carnil> Will ask MITRE for proper rejection. + carnil> It is actually possibly not a duplicate assignment but just a truncation + carnil> of the CVE id in the 2018-07-01 advisory. + carnil> Submitted the issue to the Android team. +Bugs: +upstream: released (4.13-rc5) [85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa] +4.9-upstream-stable: released (4.9.43) [33dc6a6a85f1d6ce71e7056d009b8a5fcbf10f70] +3.16-upstream-stable: released (3.16.47) [08676246d893e3a42a541a2ef1291f2ea62c5b06] +sid: released (4.12.6-1) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch] +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch] diff --git a/retired/CVE-2017-18208 b/retired/CVE-2017-18208 new file mode 100644 index 000000000..86add4c8a --- /dev/null +++ b/retired/CVE-2017-18208 
@@ -0,0 +1,14 @@ +Description: mm/madvise.c: fix madvise() infinite loop under special circumstances +References: +Notes: + bwh> This only affects XIP or DAX files. We never enabled XIP, and DAX + bwh> has only been available since 4.0. +Bugs: +upstream: released (4.15-rc2) [6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91] +4.9-upstream-stable: released (4.9.67) [ba32d7dce43f14ef1a1cb0540959431526cf7fe0] +3.16-upstream-stable: released (3.16.57) [302212255813b55c0daeb8f15bcf25ff542e36cf] +3.2-upstream-stable: released (3.2.102) [3d886ff142e713000aec6bf6f82944eb03dab28c] +sid: released (4.14.7-1) +4.9-stretch-security: released (4.9.80-1) +3.16-jessie-security: ignored "Only affects ARM with XIP enabled" +3.2-wheezy-security: ignored "Only affects ARM with XIP enabled" diff --git a/retired/CVE-2017-18255 b/retired/CVE-2017-18255 new file mode 100644 index 000000000..80e5e3fe8 --- /dev/null +++ b/retired/CVE-2017-18255 @@ -0,0 +1,13 @@ +Description: DoS in perf_cpu_time_max_percent_handler +References: +Notes: + bwh> root is supposed to be able to deny service any way they want... +Bugs: +upstream: released (4.11-rc1) [1572e45a924f254d9570093abde46430c3172e3d] +4.9-upstream-stable: released (4.9.99) [0f8a75e90963019cef486565f2b088bb570a7ddb] +3.16-upstream-stable: ignored "not a security issue" +3.2-upstream-stable: ignored "not a security issue" +sid: released (4.11.6-1) +4.9-stretch-security: released (4.9.107-1) +3.16-jessie-security: ignored "not a security issue" +3.2-wheezy-security: ignored "not a security issue" diff --git a/retired/CVE-2018-10021 b/retired/CVE-2018-10021 new file mode 100644 index 000000000..7b66a887a --- /dev/null +++ b/retired/CVE-2018-10021 
@@ -0,0 +1,16 @@ +Description: scsi: libsas: defer ata device eh commands to libata +References: + https://bugzilla.suse.com/show_bug.cgi?id=1089281#c1 +Notes: + carnil> Negligable security impact, failure can only occur for physically + carnil> proximate attackers who unplug SAS Host Bus Adapter cables. + bwh> The vulnerable code was added in Linux 3.4. +Bugs: +upstream: released (4.16-rc7) [318aaf34f1179b39fa9c30fa0f3288b645beee39] +4.9-upstream-stable: released (4.9.103) [e420d98384760f55ffac9951b9b5cccbf2edd752] +3.16-upstream-stable: released (3.16.58) [scsi-libsas-defer-ata-device-eh-commands-to-libata.patch] +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.15.17-1) [bugfix/all/scsi-libsas-defer-ata-device-eh-commands-to-libata.patch] +4.9-stretch-security: released (4.9.107-1) +3.16-jessie-security: released (3.16.59-1) +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2018-10087 b/retired/CVE-2018-10087 new file mode 100644 index 000000000..b30812142 --- /dev/null +++ b/retired/CVE-2018-10087 @@ -0,0 +1,15 @@ +Description: kernel/exit.c: avoid undefined behaviour when calling wait4() +References: + https://news.ycombinator.com/item?id=2972021 + http://lkml.kernel.org/r/1497264618-20212-1-git-send-email-zhongjiang@huawei.com +Notes: + bwh> This looks very unlikely to have any security impact in reality. +Bugs: +upstream: released (4.13-rc1) [dd83c161fbcc5d8be637ab159c0de015cbff5ba4] +4.9-upstream-stable: released (4.9.101) [04103c29b6cc1ffcf9efe167a07e882be68f8367] +3.16-upstream-stable: ignored "Minor issue" +3.2-upstream-stable: ignored "Minor issue" +sid: released (4.13.4-1) +4.9-stretch-security: released (4.9.107-1) +3.16-jessie-security: ignored "Minor issue" +3.2-wheezy-security: ignored "Minor issue" diff --git a/retired/CVE-2018-10124 b/retired/CVE-2018-10124 new file mode 100644 index 000000000..c6c34c7be --- /dev/null +++ b/retired/CVE-2018-10124 
@@ -0,0 +1,15 @@ +Description: kernel/signal.c: avoid undefined behaviour in kill_something_info +References: + https://news.ycombinator.com/item?id=2972021 + http://lkml.kernel.org/r/1496670008-59084-1-git-send-email-zhongjiang@huawei.com +Notes: + bwh> This looks very unlikely to have any security impact in reality. +Bugs: +upstream: released (4.13-rc1) [4ea77014af0d6205b05503d1c7aac6eace11d473] +4.9-upstream-stable: released (4.9.104) [ec1975ac988686eba0f105f87ed0b587da43d384] +3.16-upstream-stable: ignored "Minor issue" +3.2-upstream-stable: ignored "Minor issue" +sid: released (4.13.4-1) +4.9-stretch-security: released (4.9.107-1) +3.16-jessie-security: ignored "Minor issue" +3.2-wheezy-security: ignored "Minor issue" |
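Review bot: retired/CVE-2017-1000 is being retired with an empty `Description:` field and with Notes that still read as open: "Will ask MITRE for proper rejection" and "Submitted the issue to the Android team" record requests, not outcomes. Before retiring, add a one-line description that points at CVE-2017-1000112 and a closing note on how the truncated-id question was resolved, so the file can be read on its own later.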
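Review bot: In retired/CVE-2017-18208 the ignore reason on the 3.16-jessie-security and 3.2-wheezy-security lines, "Only affects ARM with XIP enabled", does not match the Notes, which say the issue affects "XIP or DAX files" and give "We never enabled XIP" plus DAX only being available since 4.0 as the rationale. Reword the reason to follow the note (XIP never enabled, DAX not present before 4.0), or extend the note to explain where the ARM restriction comes from.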
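Review bot: In retired/CVE-2018-10021 the 3.16-upstream-stable line carries a patch file name, [scsi-libsas-defer-ata-device-eh-commands-to-libata.patch], where the other released upstream-stable lines in this commit carry a commit id. Since the line already says released (3.16.58), replace the file name with the stable commit id so the entry can be checked against the stable tree. In the first carnil note, "Negligable" should be "Negligible".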
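Review bot: The first entry under References in retired/CVE-2018-10087, https://news.ycombinator.com/item?id=2972021, is a discussion-site link with no Notes line saying what it contributes, and the same link is repeated in retired/CVE-2018-10124. The lkml.kernel.org entry beside it is already the mailing-list reference for each fix, so either add a short note on why the extra link matters or drop it from both files.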